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(57) Abstract: A network switch for network communications, wherein the network switch includes at least one data port interface 
supporting a plurality of data ports transmitting and receiving data at a first data rate and a second data rate. The at least one data 
port interface includes an ingress logic circuit in communication with the at least one data port interface for generating at least one 
of an ingress address resolution and a filtering search request. A CPU interface is provided and configured to communicate with 
a CPU A shared hierarchical memory structure including an internal memory in communication with- the at least one data port 
interface, and an external memory in communication with a memory management unit via an external memory interface is provided. 
A communication channel is provided for communicating data between the at least one data port interface, the internal memory, the 
CPU interface, and the memory management unit. Additionally, a unified table is provided, wherein the unified table is in connection 
with the communication channel, and the at least one data port interface. The unified table contains packet handling data for the 
network switch. 
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TITLE OF THE INVENTION : 

UNIFIED TABLE FOR L2, L3, L4, SWITCHING AND FILTERING 
REFERENCE TO RELATED APPLICATIONS : 

*■ This application claims priority of United States Provisional Patent 
5 Application Serial No. 60/145,076, which was filed on July 21, 1999. The 
subject matter of this earlier filed application is hereby incorporated by 
reference. 

BACKGROUND OF THE INVENTION : : 

Field of the Invention: 

1 o The invention relates to a method and apparatus for high performance 

switching in local area communications networks such as token ring, ATM, 
ethernet, fast ethernet, and gigabit ethernet environments, generally known 
as LANs. In particular, the invention relates to a new switching architecture 
in an integrated, modular, single chip solution, which can be implemented on 

15 a semiconductor substrate such as a silicon chip. 
Description of the Related Art: 

As computer performance has increased in recent years, the demands 
on computer networks has significantly increased; faster computer processors 
and higher memory capabilities need networks with high bandwidth 

20 capabilities to enable high speed transfer of significant amounts of data. The 
well-known ethernet technology, which is based upon numerous IEEE 
ethernet standards, is one example of computer networking technology which 
has been able to be modified and improved to remain a viable computing 
technology. A more complete discussion of prior art networking systems can 

25 be found, for example, in SWITCHED AND FAST ETHERNET, by Breyer and 
Riley (Ziff-Davis, 1 996), and numerous IEEE publications relating to IEEE 802 
standards. Based upon the Open Systems Interconnect (OSI) 7-layer 
reference model, network capabilities have grown through the development 
of repeaters, bridges, routers, and, more recently, "switches", which operate 
30 with various types of communication media. Thickwire, thinwire, twisted pair, 
and optical fiber are examples of media which has been used for computer 
networks. Switches, as they relate to computer networking and to ethernet, 
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are hardware-based devices which control the flow of data packets or cells 
based upon destination address information which is available in each packet. 
A properly designed and implemented switch should be capable of receiving 
a packet and switching the packet to an appropriate output port at what is 
5 referred to wirespeed or linespeed, which is the maximum speed capability of 
the particular network. Basic ethernet wirespeed is up to 10 megabits per 
second, and Fast Ethernet is up to 100 megabits per second. The newest 
ethernet is referred to as gigabit ethernit, and is capable of transmitting data 
over a network at a rate of up to 1 ,000 megabits per second. As speed has 
10 increased, design constraints and design requirements have become more 
and more complex with respect to following appropriate design and protocol 
rules and providing a low cost, commercially viable solution. For example, 
high speed switching requires high speed memory to provide appropriate 
buffering of packet data; conventional Dynamic Random Access Memory 
15 (DRAM) is relatively slow, and requires hardware-driven refresh. The speed 
of DRAMs, therefore, as buffer memory in network switching, results in 
valuable time being lost, and it becomes almost impossible to operate the 
switch or the network at linespeed. Furthermore, external CPU involvement 
should be avoided, since CPU involvement also makes it almost impossible 
20 to operate the switch at linespeed. Additionally, as network switches have 
become more and more complicated with respect to requiring rules tables and 
memory control, a complex multi-chip solution is necessary which requires 
logic circuitry, sometimes referred to as glue logic circuitry, to enable the 
various chips to communicate with each other. Additionally, cost/benefit 
25 tradeoffs are necessary with respect to expensive but fast SRAMs versus 
inexpensive but slow DRAMs. Additionally, DRAMs, by virtue of their dynamic 
nature, require refreshing of the memory contents in order to prevent losses 
thereof. SRAMs do not suffer from the refresh requirement, and have reduced 
operational overhead which compared to DRAMs such as elimination of page 
30 misses, etc. Although DRAMs have adequate speed when accessing 
locations on the same page, speed is reduced when other pages must be 
accessed. 
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Referring tothe OSI 7-layer reference model discussed previously, and 
iilustrated in Figure 7, the higher layers typically have more information 
Various types of products are available for performing switching-related 
functions at various levels of the OSI model. Hubs or repeaters operate at 
5 layer one. and essentially copy and "broadcast" incoming data to a pluralrty 
' of spokes of the hub. Layer two switching-related devices are typically 
referred to as multiport bridges, and are capable of bridging two separate 
networks. Bridges can build a table of forwarding rules based upon wh.ch 
MAC (media access controller) addresses exist on which ports of the bndge. 
10 and pass packets which are destined for an address which is located on an 
" opposite side of the bridge. Bridges typically utilize what is known as the 
"spanning tree" algorithm to eliminate potential data loops; a data loop ,s a 
situation wherein a packet endlessly loops in a network looking for a particular 
address. The spanning tree algorithm defines a protocol for preventing date 
15 ioops. Layer three switches, sometimes referred to as routers, can fcward 
packets based upon the destination network address. Layer three switches 
are capable of learning addresses and maintaining tables thereof wh,ch 
correspond to port mappings. Processing speed for layer three switches can 
be improved by utilizing specialized high performance hardware, and off 
20 loading the host CPU so that instruction decisions do not delay packet 

forwarding. 

imtBY OF THF IN VENTION: 

The present invention provides a network switch for network 
communications, wherein the network switch includes at least one data port 
25 interface supporting a plurality of data ports transmitting and rece,v,ng data 
at a first data rate and a second data rate. The a, least one data port 
interface includes an ingress logic circuit in communication with the at least 
one data port interface for generating at leas, one of an ingress address 
resolution and a filtering search request. A CPU interface ,s provided and 
30 configured to communicate with a CPU. A shared hierarchical memory 
s,ructureinc,udinganinterna,memoryincommunica,ionwi t h,hea..eas.one 

date port interface, and an external memory in communication with a memory 
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management unit via an external memory interface is provided. A 
communication channel is provided for communicating data between the at 
least one data port interface, the internal memory, the CPU interface, and the 
memory management unit. Additionally, a unified table is provided, wherein 
5 the unified table is in connection with the communication channel, and the at 
least one data port interface. The unified table contains packet handling data 
for the network switch. 

The present invention further includes a network switch for network 
communications, wherein the network switch includes at least one data port 
10 interface supporting a plurality of data ports, and the at least one data port 
interface having an ingress logic circuit in communication with the at least one 
data port interface for generating an ingress address resolution and filtering 
search request. A unified table having a table logic circuit in communication 
therewith is provided, and the table logic circuit is further in communication 
15 with the at least one data port interface. The table logic of the invention being 
configured to receive a search request from the ingress logic circuit and 
search the unified table for an entry desired by the search request. 

The present invention further includes a method for conducting address 
resolution and filtering in a network switch, wherein the method includes the 
20 steps of receiving a packet on a port of a network switch, generating a search 
request for address resolution of the packet, and searching a unified table 
having both address resolution information and filtering information therein 
with the search request to determine if a match to the search request is in the 
unified table. Thereafter, the method determines if the unified table contains 
25 the match to the search request, and generates a search response in 
accordance with an outcome of the determination. 

The present invention further includes a method for switching and 
filtering in a network switch, wherein the method includes the steps of 
receiving a packet at a port of a network switch, generating an address 
30 resolution search request and a filtering search request in a port switch circuit, 
and receiving the address resolution search request and the filtering request 
in a unified table logic circuit. Thereafter, the method converts the address 
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resolution search request and the filtering search request into unified table 
formatted requests, and searches a unified table with the unified table 
formatted requests. Upon completion of searching the table, the method 
generates a response to the address resolution search request and the 
5 filtering search request, wherein the unified table contains both address 
resolution information and filtering information. 
BRIEF DESCRIPTION OF THE DRAWINGS : 

The objects and features of Vr\e invention will be more readily 
understood with reference to the following description and the attached 
10 drawings, wherein: 

Figure 1 is a general block diagram of elements of the present 

invention; 

Figure 2 is a more detailed block diagram of a network switch 
according to the present invention; 
15 Figure 3 illustrates the data flow on the CPS channel of a network 

switch according to the present invention; 

Figure 4A illustrates demand priority round robin arbitration for access 
to the C-channel of the network switch; 

Figure 4B illustrates access to the C-channel based upon the round 
20 robin arbitration illustrated in Figure 4A; 

Figure 5 illustrates P-channel message types; 
Figure 6 illustrates a message format for S channel message types; 
Figure 7 is an illustration of the OSI 7 layer reference model; 
Figure 8 illustrates an operational diagram of an EPIC module; 
25 Figure 9 illustrates the slicing of a data packet on the ingress to an 

EPIC module; 

Figure 10 is a detailed view of elements of the PMMU; 
Figure 11 illustrates the CBM cell format; 

Figure 12 illustrates an internal/external memory admission flow chart; 
30 Figure 13 illustrates a block diagram of an egress manager 76 

illustrated in Figure 10; 

Figure 14 illustrates more details of an EPIC module; 
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Figure 15 is a block diagram of a fast filtering processor (FFP); 

Figure 16 is a block diagram of the elements of CMIG 40; 

Figure 17 illustrates a series of steps which are used to program an 

FFP; 

5 Figure 18 is a flow chart illustrating the aging process for ARL (L2) and 

L3 tables; 

Figure 19 illustrates communication using a trunk group according to 
the present invention; 

Figure 20 illustrates an exemplar/ ARL components configuration; 
10 Figure 21 illustrates an exemplary unified table configuration; 

Figure 22 illustrates the unified table format; 
Figure 23 illustrates the unified table action fields format; 
Figure 24 illustrates the unified table logic request format; 
Figure 25 illustrates an exemplary flowchart of ingress port logic; 
1 5 Figure 26 illustrates an exemplary flowchart of the unified table logic; 

Figure 27 illustrates the unified table logic response format; and 
Figure 28 illustrates the unified table logic response packing. 
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS . 

Figure 1 illustrates a configuration wherein a switch-on-chip (SOC) 1 0, 
20 in accordance with the present invention, is functionally connected to external 
devices 1 1 , external memory 12, fast ethernet ports 13, and gigabit ethernet 
ports 1 5. For the purposes of this embodiment, fast ethernet ports 1 3 will be 
considered low speed ethernet ports, since they are capable of operating at 
speeds ranging from 10 Mbps to 100 Mbps, while the gigabit ethernet ports 
25" 15, which are high speed ethernet ports, are capable of operating at 1000 
Mbps. External devices 11 could include other switching devices for 
expanding switching capabilities, or other devices as may be required by a 
particular application. External memory 12 is additional off-chip memory, 
which is in addition to internal memory which is located on SOC 10, as will be 
30 discussed below. CPU 52 can be used as necessary to program SOC 1 0 with 
rules which are appropriate to control packet processing. However, once SOC 
10 is appropriately programmed or configured, SOC 10 operates, as much as 
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possible, in a free running manner without communicating with CPU 52. 
Because CPU 52 does not control every aspect of the operation of SOC 10, 
CPU 52 performance requirements, at least with respect to SOC 10, are fairly 
low. A less powerful and therefore less expensive CPU 52 can therefore be 
5 used when compared to known network switches. As also will be discussed 
below, SOC 10 utilizes external memory 12 in an efficient manner so that the 
cost and performance requirements of memory 12 can be reduced. Internal 
memory on SOC 10,. as will be discussed below, is also configured to 
maximize switching throughput and minimize costs. 

10 It should be noted that any number of fast ethernet ports 1 3 and gigabit 

ethernet ports 15 can be provided. In one embodiment, a maximum of 24 fast 
. ethernet ports 1 3 and 2 gigabit ports 1 5 can be provided. Similarly, additional 
interconnect links to additional external devices 1 1 , external memory 12, and 
CPUs 52 may be provided as necessary. 

15 Figure 2 illustrates a more detailed block diagram of the functional 

elements of SOC 10. As evident from Figure 2 and as noted above, SOC 10 
includes a plurality of modular systems on-chip, with each modular system, 
although being on the same chip, being functionally separate from other 
modular systems. Therefore, each module can efficiently operate in parallel 

20 with other modules, and this configuration enables a significant amount of 
freedom in updating and re-engineering SOC 10. 

SOC 10 includes a plurality of Ethernet Port Interface Controllers 
(EPIC) 20a, 20b, 20c, etc., a plurality of Gigabit Port Interface Controllers 
(GPIC) 30a, 30b, etc., a CPU Management Interface Controller (CMIC) 40, a 

25 Common Buffer Memory Pool (CBP) 50, a Pipelined Memory Management 
Unit (PMMU) 70, including a Common Buffer Manager (CBM) 71, and a 
system-wide bus structure referred to as CPS channel 80. The PMMU 70 
communicates with external memory 12, which includes a Global Buffer 
Memory Pool (GBP) 60. The CPS channel 80 comprises C channel 81, P 

30 channel 82, and S channel 83. The CPS channel is also referred to as the 
Cell Protocol Sideband Channel, and is a 17 Gbps channel which glues or 
interconnects the various modules together. As also illustrated in Figure 2, 
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other high speed interconnects can be provided, as shown as an extendible 
high speed interconnect. In one embodiment of the invention, this 
interconnect can be in the form of an interconnect port interface controller 
(IPIC) 90, which is capable of interfacing CPS channel 80 to external devices 
5 11 through an extendible high speed interconnect link. As will be discussed 
below, each EPIC 20a, 20b, and 20c, generally referred to as EPIC 20, and 
GPIC 30a and 30b, generally referred to as GPIC 30, are closely interrelated 
with appropriate address resolution logic and layer three switching tables 21a, 
21b, 21c, 31a, 31b, rules tables 22a, 22b, 22c, 31a, 31b, and VLAN tables 
10 23a, 23b, 23c, 31a, 31b. These tables will be generally referred to as 21, 31, 
22, 32, 23, 33, respectively. These tables, like other tables on SOC 10, are 
implemented in silicon as two-dimensional arrays. 

In a preferred embodiment of the invention, each EPIC 20 supports 8 
fast ethernet ports 13, and switches packets to and/or from these ports as 
15 may be appropriate. The ports, therefore, are connected to the network 
medium (coaxial, twisted pair, fiber, etc.) using known media connection 
technology, and communicates with the CPS channel 80 on the other side 
thereof. The interface of each EPIC 20 to the network medium can be 
provided through a Reduced Media Internal Interface (RMII), which enables 
20 the direct medium connection to SOC 10. As is known in the art, auto- 
negotiation is an aspect of fast ethernet, wherein the network is capable of 
negotiating a highest communication speed between a source and a 
destination based on the capabilities of the respective devices. The 
communication speed can vary, as noted previously, between 10 Mbps and 
25 100 Mbps; auto negotiation capability, therefore, is built directly into each 
EPIC module. The address resolution logic (ARL) and layer three tables 
(ARLYL3) 21 a, 21 b, 21 c, rules table 22a, 22b, 22c, and VLAN tables 23a, 23b, 
and 23c are configured to be part of or interface with the associated EPIC in 
an efficient and expedient manner, also to support wirespeed packet flow. 
30 Each EPIC 20 has separate ingress and egress functions. On the 

ingress side, self-initiated and CPU-initiated learning of level 2 address 
information can occur. Address resolution logic (ARL) is utilized to assist in 
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this task. Address aging is built in as a feature, in order to eliminate the 
storage of address information which is no longer valid or useful. The EPIC 
also carries out layer 2 mirroring. A fast filtering processor (FFP) 141 (see 
Fig. 14) is incorporated into the EPIC, in order to accelerate packet forwarding 
5 and enhance packet flow. The ingress side of each EPIC and GPIC, 
illustrated in Figure 8 as ingress submodule 14, has a significant amount of 
complexity to be able to properly process a significant number of different 
types of packets which may come in to the port, for linespeed buffering and 
then appropriate transfer to the egress. Functionally, each port on each 
10 module of SOC 10 has a separate ingress submodule 14 associated 
therewith. From an implementation perspective, however, in order to 
minimize the amount of hardware implemented on the single-chip SOC 10, 
common hardware elements in the silicon will be used to implement a plurality 
of ingress submodules on each particular module. The configuration of SOC 
15 10 discussed herein enables concurrent lookups and filtering, and therefore, 
processing of up to 6.6 million packets per second. Layer two lookups, Layer 
three lookups and filtering occur simultaneously to achieve this level of 
performance. On the egress side, the EPIC is capable of supporting packet 
polling based either as an egress management or class of service (COS) 
20 function. Rerouting/scheduling of packets to be transmitted can occur, as well 
as head-of-line (HOL) blocking notification, packet aging, cell reassembly, and 
other functions associated with ethernet port interface. 

Each GPIC 30 is similar to each EPIC 20, but supports only one gigabit 
ethernet port, and utilizes a port-specific ARL table, rather than utilizing an 
25 ARL table which is shared with any other ports. Additionally, instead of an 
RMII, each GPIC port interfaces to the network medium utilizing a gigabit 
media independent interface (GMU). 

CMIC 40 acts as a gateway between the SOC 10 and the host CPU. 
The communication can be, for example, along a PCI bus, or other 
30 acceptable communications bus. CMIC 40 can provide sequential direct 
mapped accesses between the host CPU 52 and the SOC 10. CPU 52, 
through the CMIC 40, will be able to access numerous resources on SOC 10, 
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including MIB counters, programmable registers, status and control registers, 
configuration registers, ARL tables, port-based VLAN tables, IEEE 802. 1q 
VLAN tables, layer three tables, rules tables, CBP address and data memory, 
as well as GBP address and data memory. Optionally, the CMIC 40 can 
5 include DMA support, DMA chaining and scatter-gather, as well as master 
arid target PCI64. 

Common buffer memory pool or CBP 50 can be considered to be the 
on-chip data memory. In one embodiment of the invention, the CBP 50 is first 
level high speed SRAM memory, to maximize performance and minimize 

10 hardware overhead requirements. The CBP can have a size of, for example, 
720 kilobytes running at 1 32 MHz. Packets stored in the CBP 50 are typically 
stored as cells, rather than packets. As illustrated in the figure, PMMU 70 
also contains the Common Buffer Manager (CBM) 71 thereupon. CBM 71 
handles queue management, and is responsible for assigning cell pointers to 

15 incoming cells, as well as assigning common packet IDs (CPID) once the 
packet is fully written into the CBP. CBM 71 can also handle management of 
the on-chip free address pointer pool, control actual data transfers to and from 
the data pool, and provide memory budget management. 

Global memory buffer pool or GBP 60 acts as a second level memory, 

20 and can be located on-chip or off chip. In the preferred embodiment, GBP 60 
is located off chip with respect to SOC 10. When located off-chip, GBP 60 is 
considered to be a part of or all of external memory 12. As a second level 
memory, the GBP does not need to be expensive high speed SRAMs, and 
can be a slower less expensive memory such as DRAM. The GBP is tightly 

25 coupled to the PMMU 70, and operates like the CBP in that packets are 
stored as cells. For broadcast and multicast messages, only one copy of the 
packet is stored in GBP 60. 

As shown in the figure, PMMU 70 is located between GBP 60 and CPS 
channel 80, and acts as an external memory interface. In order to optimize 

30 memory utilization, PMMU 70 includes multiple read and write buffers, and 
supports numerous functions including global queue management, which 
broadly includes assignment of cell pointers for rerouted incoming packets, 
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maintenance of the global FAP, time-optimized cell management, global 
memory budget management, GPID assignment and egress manager 
notification, write buffer management, read prefetches based upon egress 
manager/class of service requests, and smart memory control. 
5 As shown in Figure 2, the CPS channel 80 is actually three separate 

channels, referred to as the C-channel, the P-channel, and the S-channeL 
The C-channel is 128 bits wide, and runs at 132 MHz. Packet transfers 
between ports occur on the C-channel. Since this channel is used solely for 
data transfer, there is no overhead associated with its use. The P-channel or 

10 protocol channel is synchronous or locked with the C-channel. During cell 
transfers, the message header is sent via the P-channel by the PMMU. The 
P-channel is 32 bits wide, and runs at 132 MHz. 

The S or sideband channel runs at 1 32 MHz, and is 32 bits wide. The 
S-channel is used for functions such as four conveying Port Link Status, 

15 receive port full, port statistics, ARL table synchronization, memory and 
register access to CPU and other CPU management functions, and global 
memory full and common memory full notification. 

A proper understanding of the operation of SOC 10 requires a proper 
understanding of the operation of CPS channel 80. Referring to Figure 3, it 

20 can be seen that in SOC 10, on the ingress, packets are sliced by an EPIC 20 
or GPIC 30 into 64-byte cells. The use of cells on-chip instead of packets 
makes it easier to adapt the SOC to work with cell based protocols such as, 
for example, Asynchronous Transfer Mode (ATM). Presently, however, ATM 
utilizes cells which are 53 bytes long, with 48 bytes for pay load and 5 bytes 

25 for header. In the SOC, incoming packets are sliced into cells which are 64 
bytes long as discussed above, and the cells are further divided into four 
separate 16 byte cell blocks Cn0...Cn3. Locked with the C-channel is the P- 
channel, which locks the opcode in synchronization with CnO. A port bit map 
is inserted into the P-channel during the phase Cn1, The untagged bit map 

30 is inserted into the P-channel during phase Cn2, and a time stamp is placed 
on the P-channel in Cn3. Independent from occurrences on the C and P- 
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channel, the S-channel is used as a sideband, and is therefore decoupled 
from activities on the C and P-channel. 
Cell or C-Channel 

Arbitration for the CPS channel occurs out of band. Every module 

-5 (EPIC,. GPIC, etc.) monitors the channel, and matching destination ports 
respond to appropriate transactions. C-channel arbitration is a demand priority 
round robin arbitration mechanism. If no requests are active, however, the 
default module, which can be selected during the configuration of SOC 10, 
can park on the channel and have complete access thereto. If all requests 

10 are active, the configuration of SOC 10 is such that the PMMU is granted 
access every other cell cycle, and EPICs 20 and GPICs 30 share equal 
access to the C-channel on a round robin basis. Figures 4A and 4B illustrate 
a C-channel arbitration mechanism wherein section A is the PMMU, and 
section B consists of two GPICs and three EPICs. The sections alternate 

1 5 access, and since the PMMU is the only module in section A, it gains access 
every other cycle. The modules in section B, as noted previously, obtain 
access on a round robin basis. 
Protocol or P-Channel 

Referring once again to the protocol or P-channel, a plurality of 

20 messages can be placed on the P-channel in order to properly direct flow of 
data flowing on the C-channel. Since P-channel 82 is 32 bits wide, and a 
message typically requires 128 bits, four smaller 32 bit messages are put 
together in order to form a complete P-channel message. The following list 
identifies the fields and function and the various bit counts of the 128 bit 

25 message on the P-channel. 

Opcode - 2 bits long - Identifies the type of message present on the C 
channel 81; 

IP Bit - 1 bit long - This bit is set to indicate that the packet is an IP 
switched packet; 

30 IPX Bit - 1 bit long - This bit is set to indicate that the packet is an IPX 

switched packet; 
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Next Cell - 2 bits long - A series of values to identify the valid bytes in 
the corresponding cell on the C channel 81; 

SRC DEST Port - 6 bits long - Defines the port number which sends 

the message or receives the message, with the interpretation of the 

source or destination depending upon Opcode; 

Cos - 3 bits long - Defines class of service for the current packet being 

processed; 

J - 1 bit long - Describes whether the current packet is a jumbo packet; 
S - 1 bit long - Indicates whether the current cell is the first cell of the 
packet; 

E - 1 bit long - Indicates whether the current cell is the last cell of the 

packet; 

CRC - 2 bits long - Indicates whether a Cyclical Redundancy Check 
(CRC) value should be appended to the packet and whether a CRC 
value should be regenerated; 

P Bit - 1 bit long - Determines whether MMU should Purge the entire 
packet; 

Len - 7 bytes - Identifies the valid number of bytes in current transfer; 
O - 2 bits - Defines an optimization for processing by the CPU 52; and 
Bc/Mc Bitmap - 28 bits - Defines the broadcast or multicast bitmap. 
Identifies egress ports to which the packet should be set, regarding 
multicast and broadcast messages. 

Untag Bits/Source Port - 28/5 bits long - Depending upon Opcode, 
the packet is transferred from Port to MMU, and this field is interpreted 
as the untagged bit map. A different Opcode selection indicates that 
the packet is being transferred from MMU to egress port, and the last 
six bits of this field is interpreted as the Source Port field. The 
untagged bits identifies the egress ports which will strip the tag header, 
and the source port bits identifies the port number upon which the 
packet has entered the switch; 
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U Bit - 1 bit long - For a particular Opcode selection (0x01, this bit 
being set indicates that the packet should leave the port as Untagged; 
in this case, tag stripping is performed by the appropriate MAC; 
CPU Opcode - 18 bits long - These bits are set if the packet is being 
5 sent to the CPU for any reason. Opcodes are defined based upon filter 

match, learn bits being set, routing bits, destination lookup failure 
(DLF), station movement, etc; 

Time Stamp - 14 bits - The system puts a time stamp in this field when 
the packet arrives, with a granularity of 1 psec. 

10 The opcode field of the P-channel message defines the type of 

message currently being sent. While the opcode is currently shown as having 
a width of 2 bits, the opcode field can be widened as desired to account for 
new types of messages as may be defined in the future. Graphically, 
however, the P-channel message type defined above is shown in Figure 5. 

15 An early termination message is used to indicate to CBM 71 that the 

current packet is to be terminated. During operation, as discussed in more 
detail below, the status bit (S) field in the message is set to indicate the desire 
to purge the current packet from memory. Also in response to the status bit 
all applicable egress ports would purge the current packet prior to 

20 transmission. 

The Src Dest Port field of the P-channel message, as stated above, 
define the destination and source port addresses, respectively. Each field is 
6 bits wide and therefore allows for the addressing of sixty-four ports. 

The CRC field of the message is two bits wide and defines CRC 

25 actions. Bit 0 of the field provides an indication whether the associated 
egress port should append a CRC to the current packet. An egress port 
would append a CRC to the current packet when bit 0 of the CRC field is set 
to a logical one. Bit 1 of the CRC field provides an indication whether the 
associated egress port should regenerate a CRC for the current packet. An 

30 egress port would regenerate a CRC when bit 1 of the CRC field is set to a 
logical one. The CRC field is only valid for the last cell transmitted as defined 
by the E bit field of P-channel message set to a logical one. 
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As with the CRC field, the status bit field (st), the Len field, and the Cell 
Count field of the message are only valid for the last cell of a packet being 
transmitted as defined by the E bit field of the message. 

Last, the time stamp field of the message has a resolution of 1 jjs and 
5 is valid only for the first cell of the packet defined by the S bit field of the 
message. A cell is defined as the first cell of a received packet when the S 
bit field of the message is set to a logical one value. 

As is described in more detail below, the G channel 81 and the P 
channel 82 are synchronously tied together such that data on C channel 81 

10 is transmitted over the CPS channel 80 while a corresponding P channel 
message is simultaneously transmitted. 
S-Channel or Sideband Channel 

The S channel 83 is a 32-bit wide channel which provides a separate 
communication path within the SOC 10. The S channel 83 is used for 

15 management by CPU 52, SOC 10 internal flow control, and SOC 10 inter- 
module messaging. The S channel 83 is a sideband channel of the CPS 
channel 80, and is electrically and physically isolated from the C channel 81 
and the P channel 82. It is important to note that since the S channel is 
separate and distinct from the C channel 81 and the P channel 82, operation 

20 of the S channel 83 can continue without performance degradation related to 
the C channel 81 and P channel 82 operation. Conversely, since the C 
channel is not used for the transmission of system messages, but rather only 
data, there is no overhead associated with the C channel 81 and, thus, the C 
channel 81 is able to free-run as needed to handle incoming and outgoing 

25 packet information. 

The S channel 83 of CPS channel 80 provides a system wide 
communication path for transmitting system messages, for example, providing 
the CPU 52 with access to the control structure of the SOC 10. System 
messages include port status information, including port link status, receive 

30 port full, and port statistics, ARL table 22 synchronization, CPU 52 access to 
GBP 60 and CBP 50 memory buffers and SOC 10 control registers, and 
memory full notification corresponding to GBP 60 and/or CBP 50. 
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Figure 6 illustrates a message format for an S channel message on S 
channel 83. The message is formed of four 32-bit words; the bits of the fields 
of the words are defined as follows: 

Opcode - 6 bits long - Identifies the type of message present on the S 

channel; 

Dest Port - 6 bits long - Defines the port number to which the current 
S channel message is addressed; 

Src Port -6 bits long - Defines the port number of which the current S 
channel message originated; 

COS - 3 bits long - Defines the class of service associated with the 
current S channel message; and 

C bit - 1 bit long - Logically defines whether the current S channel 
message is intended for the CPU 52. 

Error Code - 2 bits long - Defines a valid error when the E bit is set; 
DataLen - 7 bits long - Defines the total number of data bytes in the 
Data field; 

E bit - 1 bit long - Logically indicates whether an error has occurred in 
the execution of the current command as defined by opcode; 
Address - 32 bits long - Defines the memory address associated with 
the current command as defined in opcode; 

Data - 0-127 bits long - Contains the data associated with the current 
opcode. 

With the configuration of CPS channel 80 as explained above, the 
decoupling of the S channel from the C channel and the P channel is such 
that the bandwidth on the C channel can be preserved for cell transfer, and 
that overloading of the C channel does not affect communications on the 
sideband channel. 
SOC Operation 

The configuration of the SOC 10 supports fast ethernet ports, gigabit 
ports, and extendible interconnect links as discussed above. The SOC 
configuration can also be "stacked", thereby enabling significant port 
expansion capability. Once data packets have been received by SOC 10, 
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sliced into cells, and placed on CPS channel 80, stacked SOC modules can 
interface with the CPS channel and monitor the channel, and extract 
appropriate information as necessary. As will be discussed below, a 
significant amount of concurrent lookups and filtering occurs as the packet 
5 comes in to ingress submodule 14 of an EPIC 20 or GPIC 30, with respect to 
layer two and layer three lookups, and fast filtering. 

Now referring to Figs. 8 and 9, the handling of a data packet is 
described. For explanation purposes, ethernet data to be received will 
consider to arrive at one of the ports 24a of EPIC 20a. It will be presumed 

10 that the packet is intended to be transmitted to a user on one of ports 24c of 
EPIC 20c. All EPICs 20 (20a, 20b, 20c, etc.) have similar features and 
functions, and each individually operate based on packet flow. 

An input data packet 1 1 2 is applied to the port 24a is shown. The data 
packet 112 is, in this example, defined per the current standards for 10/100 

1 5 Mbps Ethernet transmission and may have any length or structure as defined 
by that standard. This discussion will assume the length of the data packet 
1 1 2 to be 1 024 bits or 1 28 bytes. 

When the data packet 112 is received by the EPIC module 20a, an 
ingress sub-module 14a, as an ingress function, determines the destination 

20 of the packet 112. The first 64 bytes of the data packet 112 is buffered by the 
ingress sub-module 14a and compared to data stored in the lookup tables 
21a to determine the destination port 24c. Also as an ingress function, the 
ingress sub-module 14a slices the data packet 1 12 into a number of 64-byte 
cells; in this case, the 128 byte packet is sliced in two 64 byte cells 1 12a and 

25 1 12b. While the data packet 1 12 is shown in this example to be exactly two 
64-byte cells 1 12a and 1 1 2b, an actual incoming data packet may include any 
number of cells, with at least one cell of a length less than 64 bytes. Padding 
bytes are used to fill the cell. In such cases the ingress sub-module 14a 
disregards the padding bytes within the cell. Further discussions of packet 

30 handling will refer to packet 112 and/or cells 11 2a and 1 12b. 

It should be noted that each EPIC 20 (as well as each GPIC 30) has 
an ingress submodule 14 and egress submodule 16, which provide port 
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specific ingress and egress functions. All incoming packet processing occurs 
in ingress submodule 14, and features such as the fast filtering processor, 
layer two (L2) and layer three (L3) lookups, layer two learning, both self- 
initiated and CPU 52 initiated, layer two table management, layer two 
5 switching, packet slicing, and channel dispatching occurs in ingress 
submodule 14. After lookups, fast filter processing, and slicing into cells, as 
noted above and as will be discussed below, the packet is placed from 
ingress submodule 14 into dispatch unit 18, and then placed onto CPS 
channel 80 and memory management is handled by PMMU 70. A number of 

10 ingress buffers are provided in dispatch unit 18 to ensure proper handling of 
the packets/cells. Once the cells or cellularized packets are placed onto the 
CPS channel 80, the ingress submodule is finished with the packet. The 
ingress is not involved with dynamic memory allocation, or the specific path 
the cells will take toward the destination. Egress submodule 16, illustrated in 

15 Figure 8 as submodule 16a of EPIC 20a, monitors CPS channel 80 and 
continuously looks for cells destined for a port of that particular EPIC 20. 
When the PMMU 70 receives a signal that an egress associated with a 
destination of a packet in memory is ready to receive cells, PMMU 70 pulls 
the cells associated with the packet out of the memory, as will be discussed 

20 below, and places the cells on CPS channel 80, destined for the appropriate 
egress submodule. A FIFO in the egress submodule 16 continuously sends 
a signal onto the CPS channel 80 that it is ready to receive packets, when 
there is room in the FIFO for packets or cells to be received. As noted 
previously, the CPS channel 80 is configured to handle cells, but cells of a 

25 particular packet are always handled together to avoid corrupting of packets. 

In order to overcome data flow degradation problems associated with 
overhead usage of the C channel 81, all L2 learning and L2 table 
management is achieved through the use of the S channel 83. L2 self- 
initiated learning is achieved by deciphering the source address of a user at 

30 a given ingress port 24 utilizing the packet's associated address. Once the 
identity of the user at the ingress port 24 is determined, the ARL/L3 tables 
21a are updated to reflect the user identification. The ARL/L3 tables 21 of 
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each other EPIC 20 and GPIC 30 are updated to reflect the newly acquired 
user identification in a synchronizing step, as will be discussed below. As a 
result, while the ingress of EPIC 20a may determine that a given user is at a 
given port 24a, the egress of EPIC 20b, whose table 21b has been updated 
5 with the user's identification at port 24a, can then provide information to the 
User at port 24a without re-learning which port the user was connected. 

Table management may also be achieved through the use of the CPU 
52. CPU 52, via the CMIC 40, can provide the SOC 10 with software 
functions which result in the designation of the identification of a user at a 
1 0 given port 24. As discussed above, it is undesirable for the CPU 52 to access 
the packet information in its entirety since this would lead to performance 
degradation. Rather, the SOC 10 is programmed by the CPU 52 with 
identification information concerning the user. The SOC 10 can maintain real- 
time data flow since the table data communication between the CPU 52 and 
15 the SOC 10 occurs exclusively on the S channel 83. While the SOC 10 can 
provide the CPU 52 with direct packet information via the C channel 81 , such 
a system setup is undesirable for the reasons set forth above. As stated 
above, as an ingress function an address resolution lookup is performed by 
examining the ARL table 21a. If the packet is addressed to one of the layer 
20 three (L3) switches of the SOC 1 0, then the ingress sub-module 14a performs 
the L3 and default table lookup. Once the destination port has been 
determined, the EPIC 20a sets a ready flag in the dispatch unit 18a which 
then arbitrates for C channel 81 . 

The C channel 81 arbitration scheme, as discussed previously and as 
25 illustrated in Figures 4A and 4B, is Demand Priority Round-Robin. Each I/O 
module, EPIC 20, GPIC 30, and CMIC 40, along with the PMMU 70, can 
initiate a request for C channel access. If no requests exist at any one given 
time, a default module established with a high priority gets complete access 
to the C channel 81 . If any one single I/O module or the PMMU 70 requests 
30 C channel 81 access, that single module gains access to the C channel 81 
on-demand. 
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If EPIC modules 20a, 20b, 20c, and GPIC modules 30a and 30b, and 
CMIC 40 simultaneously request C channel access, then access is granted 
in round-robin fashion. For a given arbitration time period each of the I/O 
modules would be provided access to the C channel 81 . For example, each 
5 GPIC module 30a and 30b would be granted access, followed by the EPIC 
modules, and finally the CMIC 40. After every arbitration time period the next 
I/O module with a valid request would be given access to the C channel 81. 
This pattern would continue as long as each of the I/O modules provide an 
active C channel 81 access request. 

10 If all the I/O modules, including the PMMU 70, request C channel 81 

access, the PMMU 70 is granted access as shown in Fig. 4B since the PMMU 
provides a critical data path for all modules on the switch. Upon gaining 
access to the channel 81, the dispatch unit 18a proceeds in passing the 
received packet 112, one cell at a time, to C channel 81 . 

15 Referring again to Figure 3, the individual C, P, and S channels of the 

CPS channel 80 are shown. Once the dispatch unit 18a has been given 
permission to access the CPS channel 80, during the first time period CnO, 
the dispatch unit 18a places the first 16 bytes of the first cell 112a of the 
received packet 1 12 on the C channel 81 . Concurrently, the dispatch unit 18a 

20 places the first P channel message corresponding to the currently transmitted 
cell. As stated above, the first P channel message defines, among other 
things, the message type. Therefore, this example is such that the first P 
channel message would define the current cell as being a unicast type 
message to be directed to the destination egress port 21c. 

25 During the second clock cycle Cn1, the second 16 bytes (16:31) of the 

currently transmitted data cell 112a are placed on the C channel 81. 
Likewise, during the second clock cycle Cn1 , the Bc/Mc Port Bitmap is placed 
on the P channel 82. 

As indicated by the hatching of the S channel 83 data during the time 

30 periods CnO to Cn3 in Fig. 3, the operation of the S channel 83 is decoupled 
from the operation of the C channel 81 and the P channel 82. For example, 
the CPU 52, via the CMIC 40, can pass system level messages to non-active 
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modules while an active module passes cells on the C channel 81. As 
previously stated, this is an important aspect of the SOC 10 since the S 
channel operation allows parallel task processing, permitting the transmission 
of cell data on the C channel 81 in real-time. Once the first cell 1 12a of the 
5 incoming packet 112 is placed on the CPS channel 80 the PMMU 70 
determines whether the cell is to be transmitted to an egress port 21 local to 
the SOC 10. 

If the PMMU 70 determines that the current cell 1 12a on the C channel 
81 is destined for an egress port of the SOC 10, the PMMU 70 takes control 

10 of the cell data flow. 

Figure 10 illustrates, in more detail, the functional egress aspects of 
PMMU 70. PMMU 70 includes CBM 71, and interfaces between the GBP, 
CBP and a plurality of egress managers (EgM) 76 of egress submodule 18, 
with one egress manager 76 being provided for each egress port. CBM 71 

15 is connected to each egress manager 76, in a parallel configuration, via R 
channel data bus 77. R channel data bus 77 is a 32-bit wide bus used by 
CBM 71 and egress managers 76 in the transmission of memory pointers and 
system messages. Each egress manager 76 is also connected to CPS 
channel 80, for the transfer of data cells 112a and 112b. 

20 CBM 71, in summary, performs the functions of on-chip FAP (free 

address pool) management, transfer of cells to CBP 50, packet assembly and 
notification to the respective egress managers, rerouting of packets to GBP 
60 via a global buffer manager, as well as handling packet flow from the GBP 
60 to CBP 50. Memory clean up, memory budget management, channel 

25 interface, and cell pointer assignment are also functions of CBM 71. With 
respect to the free address pool, CBM 71 manages the free address pool and 
assigns free cell pointers to incoming cells. The free address pool is also 
written back by CBM 71, such that the released cell pointers from various 
egress managers 76 are appropriately cleared. Assuming that there is 

30 enough space available in GBP 50, and enough free address pointers 
available, CBM 71 maintains at least two cell pointers per egress manager 76 
which is being managed. The first cell of a packet arrives at an egress 
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manager 76, and CBM 71 writes this cell to the CBM memory allocation at the 
address pointed to by the first pointer. In the next cell header field, the second 
pointer is written. The format of the cell as stored in CBP 50 is shown in 
Figure 1 1 ; each line is 1 8 bytes wide. Line 0 contains appropriate information 
5 with respect to first cell and last cell information, broadcast/multicast, number 
of egress ports for broadcast or multicast, cell length regarding the number of 
valid bytes in the cell, the next cell pointer, total cell count in the packet, and 
time stamp. The remaining lines contain cell data as 64 byte cells. The free 
address pool within PMMU 70 stores all free pointers for CBP 50. Each 

10 pointer in the free address pool points to a 64-byte cell in CBP 50; the actual 
cell stored in the CBP is a total of 72 bytes, with 64 bytes being byte data, and 
8 bytes of control information. Functions such as HOL blocking high and low 
watermarks, out queue budget registers, CPID assignment, and other 
functions are handled in CBM 71, as explained herein. 

15 When PMMU 70 determines that cell 112a is destined for an 

appropriate egress port on SOC 1 0, PMMU 70 controls the cell flow from CPS 
channel 80 to CBP 50. As the data packet 1 12 is received at PMMU 70 from 
CPS 80, CBM 71 determines whether or not sufficient memory is available in 
CBP 50 for the data packet 1 1 2. A free address pool (not shown) can provide 

20 storage for at least two cell pointers per egress manager 76, per class of 
service. If sufficient memory is available in CBP 50 for storage and 
identification of the incoming data packet, CBM 71 places the data cell 
information on CPS channel 80. The data cell information is provided by CBM 
71 to CBP 50 at the assigned address. As new cells are received by PMMU 

25 70, CBM 71 assigns cell pointers. The initial pointer for the first cell 112a 
points to the egress manager 76 which corresponds to the egress port to 
which the data packet 112 will be sent after it is placed in memory. In the 
example of Figure 8, packets come in to port 24a of EPIC 20a, and are 
destined for port 24c of EPIC 20c. For each additional cell 1 12b, CBM 71 

30 assigns a corresponding pointer. This corresponding cell pointer is stored as 
a two byte or 16 bit value NCJieader, in an appropriate place on a control 
message, with the initial pointer to the corresponding egress manager 76, and 
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successive cell pointers as part of each cell header, a linked list of memory 
pointers is formed which defines packet 112 when the packet is transmitted 
via the appropriate egress port, in this case 24c. Once the packet is fully 
written into CBP 50, a corresponding CBP Packet Identifier (CPID) is provided 

5 to the appropriate egress manager 76; this CPID points to the memory 
location of initial cell 1 12a. The CPID for the data packet is then used when 
the data packet 112 is sent to the destination egress port 24c. In actuality, 
the CBM 71 maintains two buffers containing a CBP cell pointer, with 
admission to the CBP being based upon a number of factors. An example of 

10 admission logic for CBP 50 will be discussed below with reference to Figure 
12. 

Since CBM 71 controls data flow within SOC 10, the data flow 
associated with any ingress port can likewise be controlled. When packet 112 
has been received and stored in CBP 50, a CPID is provided to the 

15 associated egress manager 76. The total number of data cells associated 
with the data packet is stored in a budget register (not shown). As more data 
packets 112 are received and designated to be sent to the same egress 
manager 76, the value of the budget register corresponding to the associated 
egress manager 76 is incremented by the number of data cells 112a, 1 12b of 

20 the new data cells received. The budget register therefore dynamically 
represents the total number of cells designated to be sent by any specific 
egress port on an EPIC 20. CBM 71 controls the inflow of additional data 
packets by comparing the budget register to a high watermark register value 
or a low watermark register value, for the same egress. 

25 When the value of the budget register exceeds the high watermark 

value, the associated ingress port is disabled. Similarly, when data cells of an 
egress manager 76 are sent via the egress port, and the corresponding 
budget register decreases to a value below the low watermark value, the 
ingress port is once again enabled. When egress manager 76 initiates the 

30 transmission of packet 112, egress manager 76 notifies CBM 71 , which then 
decrements the budget register value by the number of data cells which are 
transmitted. The specific high watermark values and low watermark values 
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can be programmed by the user via CPU 52. This gives the user control over 
the data flow of any port on any EPIC 20 or GPIC 30. 

Egress manager 76 is also capable of controlling data flow. Each 
egress manager 76 is provided with the capability to keep track of packet 

5 identification information in a packet pointer budget register; as a new pointer 
is received by egress manager 76, the associated packet pointer budget 
register is incremented. As egress manager 76 sends out a data packet 112, 
the packet pointer budget register is decremented. When a storage limit 
assigned to the register is reached, corresponding to a full packet 

10 identification pool, a notification message is sent to all ingress ports of the 
SOC 10, indicating that the destination egress port controlled by that egress 
manager 76 is unavailable. When the packet pointer budget register is 
decremented below the packet pool high watermark value, a notification 
message is sent that the destination egress port is now available. The 

15 notification messages are sent by CBM 71 on the S channel 83. 

As noted previously, flow control may be provided by CBM 71 , and also 
by ingress submodule 14 of either an EPIC 20 or GPIC 30. Ingress 
submodule 14 monitors cell transmission into ingress port 24. When a data 
packet 112 is received at an ingress port 24, the ingress submodule 14 

20 increments a received budget register by the cell count of the incoming data 
packet. When a data packet 112 is sent, the corresponding ingress 14 
decrements the received budget register by the cell count of the outgoing data 
packet 112. The budget register 72 is decremented by ingress 14 in response 
to a decrement cell count message initiated by CBM 71, when a data packet 

25 1 12 is successfully transmitted from CBP 50. 

Efficient handling of the CBP and GBP is necessary in order to 
maximize throughput, to prevent port starvation, and to prevent port underrun. 
For every ingress, there is a low watermark and a high watermark; if cell count 
is below the low watermark, the packet is admitted to the CBP, thereby 

30 preventing port starvation by giving the port an appropriate share of CBP 
space. 
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Figure 12 generally illustrates the handling of a data packet 112 when 
it is received at an appropriate ingress port. This figure illustrates dynamic 
memory allocation on a single port, and is applicable for each ingress port. 
In step 12-1 , packet length is estimated by estimating cell count based upon 
5 egress manager count plus incoming cell count. After this cell count is 
" estimated, the GBP current cell count is checked at step 12-2 to determine 
whether or not the GBP 60 is empty. If the GBP cell count is 0, indicating that 
GBP 60 is empty, the method proceeds to step 12-3, where it is determined 
whether or not the estimated cell count from step 12-1 is less than the 
10 admission low watermark. The admission low watermark value enables the 
reception of new packets 112 into CBP 50 if the total number of cells in the 
associated egress is below the admission low watermark value. If yes, 
therefore, the packet is admitted at step 12-5. If the estimated cell count is 
not below the admission low watermark, CBM 71 then arbitrates for CBP 
1 5 memory allocation with other ingress ports of other EPICs and GPICs, in step 
12-4. If the arbitration is unsuccessful, the incoming packet is sent to a 
reroute process, referred to as A. If the arbitration is successful, then the 
packet is admitted to the CBP at step 12-5. Admission to the CBP is 
necessary for linespeed communication to occur. 
20 The above discussion is directed to a situation wherein the GBP cell 

count is determined to be 0. If in step 1 2-2 the GBP cell count is determined 
not to be 0, then the method proceeds to step 12-6, where the estimated cell 
count determined in step 12-1 is compared to the admission high watermark. 
If the answer is no, the packet is rerouted to GBP 60 at step 12-7. If the 
25 answer is yes, the estimated cell count is then compared to the admission low 
watermark at step 12-8. If the answer is no, which means that the estimated 
cell count is between the high watermark and the low watermark, then the 
packet is rerouted to GBP 60 at step 12-7. If the estimated cell count is below 
the admission low watermark, the GBP current count is compared with a 
30 reroute cell limit value at step 12-9. This reroute cell limit value is user 
programmable through CPU 52. If the GBP count is below or equal to the 
reroute cell limit value at step 12-9, the estimated cell count and GBP count 
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are compared with an estimated cell count low watermark; if the combination 
of estimated cell count and GBP count are less than the estimated cell count 
low watermark, the packet is admitted to the CBP. If the sum is greater than 
' the estimated cell count low watermark, then the packet is rerouted to GBP 
5 60 at step 12-7. After rerouting to GBP 60, the GBP cell count is updated, 
and the packet processing is finished. It should be noted that if both the CBP 
and the GBP are full, the packet is dropped. Dropped packets are handled 
in accordance with known ethernet or network communication procedures, 
and have the effect of delaying communication. However, this configuration 
10 applies appropriate back pressure by setting watermarks, through CPU 52, 
to appropriate buffer values on a per port basis to maximize memory 
utilization. This CBP/GBP admission logic results in a distributed hierarchical 
shared memory configuration, with a hierarchy between CBP 50 and GBP 60, 
and hierarchies within the CBP. 
15 Address Resolution (L2) + (L3) 

Figure 14 illustrates some of the concurrent filtering and look-up details 
of a packet coming into the ingress side of an EPIC 20. Figure 12, as 
discussed previously, illustrates the handling of a data packet with respect to 
admission into the distributed hierarchical shared memory. Figure 14 
20 addresses the application of filtering, address resolution, and rules application 
segments of SOC 10. These functions are performed simultaneously with 
respect to the CBP admission discussed above. As shown in the figure, 
packet 1 12 is received at input port 24 of EPIC 20. It is then directed to input 
FIFO 142. As soon as the first sixteen bytes of the packet arrive in the input 
25 FIFO 142, an address resolution request is sent to ARL engine 143; this 
initiates lookup in ARL/L3 tables 21 . 

A description of the fields of an ARL table of ARL/L3 tables 21 is as 

follows: 

Mac Address - 48 bits long - Mac Address; 
30 VLAN tag - 12 bits long - VLAN Tag Identifier as described in IEEE 

802.1q standard for tagged packets. For an untagged Packet, this 
value is picked up from Port Based VLAN Table. 
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CosDst - 3 bits long - Class of Service based on the Destination 
Address. COS identifies the priority of this packet. 8 levels of priorities 
as described in IEEE 802.1 p standard. 

Port Number - 6 bits long - Port Number is the port on which this Mac 
5 address is learned. 

SD_Disc Bits - 2 bits long - These bits identifies whether the packet 
should be discarded based on Source Address or Destination Address. 
Value 1 means discard on source. Value 2 means discard on 
destination. 

10 C bit - 1 bit long - C Bit identifies that the packet should be given to 

CPU Port. 

St Bit - 1 bit long - St Bit identifies that this is a static entry (it is not 
learned Dynamically) and that means is should not be aged out. Only 
CPU 52 can delete this entry. 
15 Ht Bit - 1 bit long - Hit Bit-This bit is set if there is match with the 

Source Address. It is used in the aging Mechanism. 
CosSrc -- 3 bits long - Class of Service based on the Source Address. 
COS identifies the priority of this packet. 

L3 Bit - 1 bit long - L3 Bit - identifies that this entry is created as result 
20 of L3 Interface Configuration. The Mac address in this entry is L3 

interface Mac Address and that any Packet addresses to this Mac 
Address need to be routed. 

T Bit - 1 bit long - T Bit identifies that this Mac address is learned from 
one of the Trunk Ports. If there is a match on Destination address then 
25 output port is not decided on the Port Number in this entry, but is 

decided by the Trunk Identification Process based on the rules 
identified by the RTAG bits and the Trunk group Identified by the 
TGID. 

TGID - 3 bits long - TGID identifies the Trunk Group if the T Bit is set. 
30 SOC 10 supports 6 Trunk Groups per switch. 

RTAG - 3 bits long - RTAG identifies the Trunk selection criterion if the 
destination address matches this entry and the T bit is set in that entry. 
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Value 1 - based on Source Mac Address. Value 2 - based on 
Destination Mac Address. Value 3 - based on Source & destination 
Address. Value 4 - based on Source IP Address. Value 5 - based on 
Destination IP Address. Value 6 - based on Source and Destination; 
5 IP Address. 

S C P - 1 bit long - Source CoS Priority Bit - If this bit is set (in the 
matched Source Mac Entry) then Source CoS has priority over 
Destination Cos. 

It should also be noted that VLAN tables 23 include a number of table 
10 formats; all of the tables and table formats will not be discussed here. 
However, as an example, the port based VLAN table fields are described as 
follows: 

Port VLAN Id - 12 bits long - Port VLAN Identifier is the VLAN Id used 
by Port Based VLAN. 

15 Sp State - 2 bits long - This field identifies the current Spanning Tree 

State. Value 0x00 - Port is in Disable State. No packets are accepted 
in this state, not even BPDUs. Value 0x01 - Port is in Blocking or 
Listening State, In this state no packets are accepted by the port, 
except BPDUs. Value 0x02 - Port is in Learning State. In this state 

20 the packets are not forwarded to another Port but are accepted for 

learning. Value 0x03 - Port is in Forwarding State. In this state the 
packets are accepted both for learning and forwarding. 
Port Discard Bits - 6 bits long - There are 6 bits in this field and each 
bit identifies the criterion to discard the packets coming in this port. 

25 Note: Bits 0 to 3 are not used. Bit 4 - If this bit is set then all the 

frames coming on this port will be discarded. Bit 5 - If this bit is set 
then any 802. 1q Priority Tagged (vid = 0) and Untagged frame coming 
on this port will be discarded. 

J Bit - 1 bit long - J Bit means Jumbo bit. If this bit is set then this port 
30 should accept Jumbo Frames. 

RTAG - 3 bits long - RTAG identifies the Trunk selection criterion if the 
destination address matches this entry and the T bit is set in that 
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entry. Value 1 - based on Source Mac Address. Value 2 - based on 
Destination Mac Address. Value 3 - based on Source & destination 
Address. Value 4 - based on Source IP Address. Value 5 - based on 
Destination IP Address. Value 6 - based on Source and Destination 
5 IP Address. 

T Bit - 1 bit long - This bit identifies that the Port is a member of the 
Trunk Group. 

C Learn Bit - 1 bit long - Cpu Learn Bit - If this bit is set then the 

packet is send to the CPU whenever the source Address is learned. 
0 PT - 2 bits long - Port Type identifies the port Type. Value 0-10 Mbit 

Port. Value 1-100 Mbit Port. Value 2-1 Gbit Port. Value 3-CPU Port. 

VLAN Port Bitmap - 28 bits long - VLAN Port Bitmap Identifies all the 

egress ports on which the packet should go out. 

B Bit - 1 bit long - B bit is BPDU bit. If this bit is set then the Port 
5 rejects BPDUs. This Bit is set for Trunk Ports which are not supposed 

to accept BPDUs. 

TGID - 3 bits long - TGID - this field identifies the Trunk Group which 
this port belongs to. 

Untagged Bitmap - 28 bits long - This bitmap identifies the Untagged 
>0 Members of the VLAN. i.e. if the frame destined out of these members 

ports should be transmitted without Tag Header. 
M Bits - 1 bit long - M Bit is used for Mirroring Functionality. If this bit 
is set then mirroring on Ingress is enabled. 

The ARL engine 143 reads the packet; if the packet has a VLAN tag 
25 according to IEEE Standard 802.1q, then ARL engine 143 performs a look-up 
based upon tagged VLAN table 231 , which is part of VLAN table 23. If the 
packet does not contain this tag, then the ARL engine performs VLAN lookup 
based upon the port based VLAN table 232. Once the VLAN is identified for 
the incoming packet, ARL engine 143 performs an ARL table search based 
30 upon the source MAC address and the destination MAC address. If the results 
of the destination search is an L3 interface MAC address, then an L3 search 
is performed of an L3 table within ARL/L3 table 21. If the L3 search is 
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successful, then the packet is modified according to packet routing rules. 

To better understand lookups, learning, and switching, it may be 
advisable to once again discuss the handling of packet 112 with respect to 
Figure 8. If data packet 1 12 is sent from a source station A into port 24a of 
5 EPIC 20a, and destined for a destination station B on port 24c of EPIC 20c, 
ingress submodule 14a slices data packet 112 into cells 112a and 112b. The 
ingress submodule then reads the packet to determine the source MAC 
address and the destination MAC address. As discussed previously, ingress 
submodule 14a, in particular ARL engine 143, performs the lookup of 

10 appropriate tables within ARL/L3 tables 21a, and VLAN table 23a, to see if 
the destination MAC address exists in ARL/L3 tables 21a; if the address is not 
found, but if the VLAN IDs are the same for the source and destination, then 
ingress submodule 14a will set the packet to be sent to all ports. The packet 
will then propagate to the appropriate destination address. A "source search" 

15 and a "destination search" occurs in parallel. Concurrently, the source MAC 
address of the incoming packet is "learned", and therefore added to an ARL 
table within ARL/L3 table 21a. After the packet is received by the destination, 
an acknowledgement is sent by destination station B to source station A. 
Since the source MAC address of the incoming packet is learned by the 

20 appropriate table of B, the acknowledgement is appropriately sent to the port 
on which A is located. When the acknowledgement is received at port 24a, 
therefore, the ARL table learns the source MAC address of B from the 
acknowledgement packet. It should be noted that as long as the VLAN IDs 
(for tagged packets) of source MAC addresses and destination MAC 

25 addresses are the same; layer two switching as discussed above is 
performed. L2 switching and lookup is therefore based on the first, 16 bytes 
of an incoming packet. For untagged packets, the port number field in the 
packet is indexed to the port-based VLAN table within VLAN table 23a, and 
the VLAN ID can then be determined. If the VLAN IDs are different, however, 

30 L3 switching is necessary wherein the packets are sent to a different VLAN. 
L3 switching, however, is based on the IP header field of the packet. The IP 
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headerincludessource IP address, destination IP address, and TTL (time-to-live). 

In order to more clearly understand layer three switching according to 
the invention, data packet 112 is sentfrom source station A onto port 24a of 
EPIC 20a and is directed to destination station B; assume, however, that 
5 station B is disposed on a different VLAN, as evidenced by the source MAC 
address and the destination MAC address having differing VLAN IDs. The 
lookup for B would be unsuccessful since B is located on a different VLAN, 
and merely sending the packet to all ports on the VLAN would result in B 
never receiving the packet. Layer three switching, therefore, enables the 
10 bridging of VLAN boundaries, but requires reading of more packet informat.on 
than just the MAC addresses of L2 switching. In addition to read.ng the 
source and destination MAC addresses, therefore, ingress 14a also reads the 
,P address of the source and destination. As noted previously, packet types 
are defined by IEEE and other standards, and are known in the art. By 
15 reading the IP address of the destination, SOC 10 is able to target the packet 
to an appropriate router interface which is consistent with the desf.nat.on IP 
address Packet 1 12 is therefore sent on to CPS channel 80 through dispatch 
unit 18a, destined for an appropriate router interface (not shown, and not part 
of SOC 10) upon which destination B is located. Control frames, ident.fied as 
20 such by their destination address, are sent to CPU 52 via CM.C 40. The 
destination MAC address, therefore, is the router MAC address for B. The 
router MAC address is learned through the assistance of CPU 52, which uses 
an ARP (address resolution protocol) requestto requestthe destination MAC 
address for the router for B, based upon the IP address of B. Through the 
25 use of the IP address, therefore, SOC 10 can learn the MAC address. 
Through the acknowledgement and learning process, however, it is only the 
first packet that is subject to this "slow" handling because of the involvement 
of CPU 52. After the appropriate MAC addresses are learned, l.nespeed 
switching can occur through the use of concurrent table lookups since the 
30 necessary information will be learned by the tab.es. Implementing the tables 
in silicon as two-dimensional arrays enables such rapid concurrent lookups. 
Once the MAC address for B has been learned, therefore, when packets 
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come in with the IP address for B, ingress 14a changes the IP address to the 
destination MAC address, in order to enable linespeed switching. Also, the 
source address of the incoming packet is changed to the router MAC address 
for A rather than the IP address for A, so that the acknowledgement from B 
5 to A can be handled in a fast manner without needing to utilize a CPU on the 
destination end in order to identify the source MAC address to be the 
destination for the acknowledgement. Additionally, a TTL (time-to-live) field 
in the packet is appropriately manipulated in accordance with the IETF 
(Internet Engineering Task Force) standard. A unique aspect of SOC 10 is 

1 0 that all of the switching, packet processing, and table lookups are performed 
in hardware, rather than requiring CPU 52 or another CPU to spend time 
processing instructions. It should be noted that the layer three tables for EPIC 
20 can have varying sizes; in a preferred embodiment, these tables are 
capable of holding up to 2000 addresses, and are subject to purging and 

15 deletion of aged addresses, as explained herein. 

Referring again to the discussion of Figure 14, as soon as the first 64 
(sixty four) bytes of the packet arrive in input FIFO 142, a filtering request is 
sent to FFP 141. FFP141 is an extensive filtering mechanism which enables 
SOC 10 to set inclusive and exclusive filters on any field of a packet from 

20 layer 2 to layer 7 of the OSI seven layer model. Filters are used for packet 
classification based upon a protocol fields in the packets. Various actions are 
taken based upon the packet classification, including packet discard, sending 
of the packet to the CPU, sending of the packet to other ports, sending the 
packet on certain COS priority queues, changing the type of service (TOS) 

25 precedence. The exclusive filter is primarily used for implementing security 
features, and allows a packet to proceed only if there is a filter match. If there 
is no match, the packet is discarded. 

It should be noted that SOC 10 has a unique capability to handle both 
tagged and untagged packets coming in. Tagged packets are tagged in 

30 accordance with IEEE standards, and include a specific IEEE 802.1 p priority 
field for the packet. Untagged packets, however, do not include an 802. 1p 
priority field therein. SOC 10 can assign an appropriate COS value for the 
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packet which can be considered to be equivalents a weighted priority, based 
either upon the destination address or the source address of the packet, as 
matched in one of the table lookups. As noted in the ARL table format 
discussed herein, an SCP (Source COS Priority) bit is contained as one of the 
5 fields of the table. When this SCP bit is set, then SOG 10 will assign weighted 
priority based upon a source COS value in the ARL table. If the SCP is not 
set then SOC 1 0 will assign a COS for the packet based upon the dest.nat.on 
COS field in the ARL table. These COS values are three bit fields in the ARL 
table as noted previously in the ARL table field descriptions. 
1Q ppp 14 1 is essentially a state machine driven programmable rules 

engine The filters used by the FFP are 64 (sixty-four) bytes wide, and are 
applied on an incoming packet; any offset can be used, however, a preferred 
embodiment uses an offset of zero, and therefore operates on the first 64 
bytes or 512 bits, of a packet. The actions taken by the filter are tag 
15 insertion, priority mapping. TOS tag insertion, sending of the packet to the 
CPU dropping of the packet, forwarding of the packet to an egress port, and 
sending the packet to a mirrored port. The filters utilized by FFP 141 are 
defined by rules table 22. Rules table 22 is completely programmable by 
CPU 52 through CMIC 40. The rules table can be, for example, 256 entries 
20 deep and may be partitioned for inclusive and exclusive filters, with, again as 
an example, 128 entries for inclusive filters and 128 entries for exclusive 
filters A filter database, within FFP 141 . includes a number of inclusive mask 
registers and exclusive mask registers, such that the filters are formed based 
upon the rules in rules table 22, and the filters therefore essentially form a 64 
25 byte wide mask or bit map which is applied on the incoming packet. If the 
filter is designated as an exclusive filter, the filter will exclude all packets 
unless there is a match. In other words, the exclusive filter allows a packet to 
go through the forwarding process only if there is a filter match. If there ,s no 
filter match, the packet is dropped. In an inclusive filter, if there is no match, 
30 no action is taken but the packet is not dropped. Action on an exclusive filter 
requires an exact match of all filter fields. If there is an exact match with an 
exclusive filter, therefore, action is taken as specified in the action field; the 
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actions which may be taken, are discussed above. If there is no full match or 
exact of all of the filter fields, but there is a partial match, then the packet is 
dropped. A partial match is defined as either a match on the ingress field, 
egress field, or filter select fields. If there is neither a full match nor a partial 
5 match with the packet and the exclusive filter, then no action is taken and the 
packet proceeds through the forwarding process. The FFP configuration, 
taking action based upon the first 64 bytes of a packet, enhances the handling 
of real time traffic since packets can be filtered and action can be taken on the 
fly. Without an FFP according to the invention, the packet would need to be 
1 0 transferred to the CPU for appropriate action to be interpreted and taken. For 
inclusive filters, if there is a filter match, action is taken, and if there is no filter 
match, no action is taken; however, packets are not dropped based on a 
match or no match situation for inclusive filters. 

In summary, the FFP includes a filter database with eight sets of 
1 5 inclusive filters and eight sets of exclusive filters, as separate filter masks. As 
a packet comes into the FFP, the filter masks are applied to the packet; in 
other words, a logical AND operation is performed with the mask and the 
packet. If there is a match, the matching entries are applied to rules tables 
22, in order to determine which specific actions will be taken. As mentioned 
20 previously, the actions include 802. 1p tag insertion, 802. 1p priority mapping, 
IP TOS (type-of-service) tag insertion, sending of the packet to the CPU, 
discarding or dropping of the packet, forwarding the packet to an egress port, 
and sending the packet to the mirrored port. Since there are a limited number 
of fields in the rules table, and since particular rules must be applied for 
25 various types of packets, the rules table requirements are minimized in the 
present invention by the present invention setting all incoming packets to be 
"tagged" packets; all untagged packets, therefore, are subject to 802. 1p tag 
insertion, in order to reduce the number of entries which are necessary in the 
rules table. This action eliminates the need for entries regarding handling of 
30 untaggied packets. It should be noted that specific packet types are defined 
by various IEEE and other networking standards, and will not be defined 
herein. 
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As noted previously, exclusive Alters are defined in the rules table as 
fiKers whioh exclude packets for which there is no match; excluded packets 
are dropped. With inclusive filters, however, packets are not dropped ,n any 
circumstances. If there is a match, action is taken as discussed above; if there 
ls no match, no action is taken and the packet proceeds through the 
forwarding process. Referring to Figure 15, FFP 141 is shown to include filter 
database 1410 containing filter masks therein, communicating wrth logic 
circuitry 1411 for determining packet types and applying appropriate filter 
m asks. After the filter mask is applied as noted above, the result of the 
application is applied to rules table 22. for appropriate lookup and Mbon. lt 
should be noted that the filter masks, rules tables, and logic, whrle 
programmable by CPU 52, do not rely upon CPU 52 for the processing and 
calculation thereof. After programming, a hardware configuration is provded 
which enables linespeed filter application and lookup. 

Referring once again to Figure 14, after FFP 141 applies approbate 
configured filters and results are obtained from the appropriate rules table 22. 
loaic 1411 in FFP 141 determines and takes the appropriate acfion. The 
filing logic can discard the packet, send the packet to the CPU 52 modify 
ne packe' header or IP header, and recalculate any IP checksum fields or 
takes other appropriate action with respect to the headers. The mod, fioafion 
occurs at buffer slicer 144, and the packet is placed on C channel 81 . The 
control message and message header information is applied by the FFP 141 
and ARL engine 143. and the message header is placed on P channel 82. 
Dispatch unit 18, also generally discussed with respect to Frgure 8^ 
coordinates all dispatches to C channel, P channel and S channel. As noted 
Zlsly. each EPIC module 20. GP.C module 30. PMMU 70 etc. are 
individual configured ,o communicate via the CPS channel. Each mod* 
can be independently modified, and as long as the CPS channel ,n*rface 
are maintained, internal modifications to any modules such .» » 
should no. affect any other modules such as EPIC 20b. or any GPICs 30. 

Asmentioned previously, FFP 141 is programmed by the user, through 
CPU 52 based upon the specific functions which are sought to be handled 
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by each FFP 141 . Referring to Figure 17, it can be seen that in step 17-1, an 
FFP programming step is initiated by the user. Once programming has been 
initiated, the user identifies the protocol fields of the packet which are to be 
of interest for the filter, in step 17-2. In step 17-3, the packet type and filter 
5 conditions are determined, and in step 17-4, a filter mask is constructed 
based upon the identified packet type, and the desired filter conditions. The 
filter mask is essentially a bit map which is applied or ANDed with selected 
fields of the packet. After the filter mask is constructed, it is then determined 
whether the filter will be an inclusive or exclusive filter, depending upon the 

1 0 problems which are sought to be solved, the packets which are sought to be 
forwarded, actions sought to be taken, etc. In step 17-6, it is determined 
whether or not the filter is on the ingress port, and in step 17-7, it is 
determined whether or not the filter is on the egress port. If the filter is on the 
ingress port, an ingress port mask is used in step 17-8. If it is determined that 

15 the filter will be on the egress port, then an egress mask is used in step 17-9. 
Based upon these steps, a rules table entry for rules tables 22 is then 
constructed, and the entry or entries are placed into the appropriate rules 
table (steps 17-10 and 17-11). These steps are taken through the user 
inputting particular sets of rules and information into CPU 52 by an 

20 appropriate input device, and CPU 52 taking the appropriate action with 
respect to creating the filters, through CMIC 40 and the appropriate ingress 
or egress submodules on an appropriate EPIC module 20 or GPIC module 
30. 

It should also be noted that the block diagram of SOC 10 in Figure 2 
25 illustrates each GPIC 30 having its own ARL/L3 tables 31 , rules table 32, and 
VLAN tables 33, and also each EPIC 20 also having its own ARL/L3 tables 
21, rules table 22, and VLAN tables 23. In a preferred embodiment of the 
invention, however, two separate modules can share a common ARL/L3 table 
and a common VLAN table. Each module, however, has its own rules table 
30 22. For example, therefore, GPIC 30a may share ARL/L3 table 21a and 
VLAN table 23a with EPIC 20a. Similarly, GPIC 30b may share ARL table 21b 
and VLAN table 23b with EPIC 20b. This sharing of tables reduces the 
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number of gates which are required to implement the invention, and makes 
for simplified lookup and synchronization as will be discussed below. 
Table Synchronization and Aging 

SOC 10 utilizes a unique method of table synchronization and aging, 
5 toensure that only current and active address information is maintained in the 
tables. When ARL/L3 tables are updated to include a new source address, 
a "hit bit" is set within the table of the j'owner" or obtaining module to indicate 
that the address has been accessed'. Also, when a new address is learned 
and placed in the ARL table, an S channel message is placed on S channel 
10 83 as an ARL insert message, instructing all ARL/L3 tables on SOC 10 to 
learn this new address. The entry in the ARL7L3 tables includes an 
identification of the port which initially received the packet and learned the 
address. Therefore, if EPIC 20a contains the port which initially received the 
packet and therefore which initially learned the address, EPIC 20a becomes 
15 the "owner" of the address. Only EPIC 20a, therefore, can delete this address 
from the table. The ARL insert message is received by all of the modules, 
and the address is added into all of the ARL/L3 tables on SOC 10. CMIC 40 
will also send the address information to CPU 52. When each module 
receives and learns the address information, an acknowledge or ACK 
20 message is sent back to EPIC 20a; as the owner further ARL insert messages 
cannot be sent from EPIC 20a until all ACK messages have been received 
from all of the modules. In a preferred embodiment of the invention, CMIC 40 
does not send an ACK message, since CMIC 40 does not include 
ingress/egress modules thereupon, but only communicates with CPU 52. If 
25 multiple SOC 10 are provided in a stacked configuration, all ARL/L3 tables 
would be synchronized due to the fact that CPS channel 80 would be shared 
throughout the stacked modules. 

Referring to Figure 18, the ARL aging process is discussed. An age 
timer is provided within each EPIC module 20 and GPIC module 30, at step 
30 18*1, it is determined whether the age timer has expired. If the timer has 
expired, the aging process begins by examining the first entry in ARL table 21 . 
At step 18-2, it is determined whether or not the port referred to in the ARL 
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entry belongs to the particular module. If the answer is no, the process 
proceeds to step 1 8-3, where it is determined whether or not this entry is the 
last entry in the table. If the answer is yes at step 18-3, the age timer is 
restarted and the process is completed at step 18-4. If this is not the last entry 
5 in the table, then the process is returned to the next ARL entry at step 18-5. 
If, however, at step 18-2 it is determined that the port does belong to this 
particular module, then, at step 18-6 it is determined whether or not the hit bit 
is set, or if this is a static entry. If the hit bit is set, the hit bit is reset at step 
18-7, and the method then proceeds to step 18-3. If the hit bit is not set, the 

1 0 ARL entry is deleted at step 1 8-8, and a delete ARL entry message is sent on 
the CPS channel to the other modules, including CMIC 40, so that the table 
can be appropriately synchronized as noted above. This aging process can 
be performed on the ARL (layer two) entries, as well as layer three entries, in 
order to ensure that aged packets are appropriately deleted from the tables 

15 by the owners of the entries. As noted previously, the aging process is only 
performed on entries where the port referred to belongs to the particular 
module which is performing the aging process. To this end, therefore, the hit 
bit is only set in the owner module. The hit bit is not set for entries in tables 
of other modules which receive the ARL insert message. The hit bit is 

20 therefore always set to zero in the synchronized non-owner tables. 

The purpose of the source and destination searches, and the overall 
lookups, is to identify the port number within SOC 10 to which the packet 
should be directed to after it is placed either CBP 50 or GBP 60. Of course, 
a source lookup failure results in learning of the source from the source MAC 

25 address information in the packet; a destination lookup failure, however, since 
no port would be identified, results in the packet being sent to all ports on 
SOC 10. As long as the destination VLAN ID is the same as the source VLAN 
ID, the packet will propagate the VLAN and reach the ultimate destination, at 
which point an acknowledgement packet will be received, thereby enabling 

30 the ARL table to learn the destination port for use on subsequent packets. If 
the VLAN IDs are different, an L3 lookup and learning process will be 
performed, as discussed previously. It should be noted that each EPIC and 
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each GPIG contains a FIFO queue to store ARL insert messages, since, 
although each module can only send one message at a time, if each module 
sends an insert message, a queue must be provided for appropriate handling 
of the messages. 
5 Port Movement 

After the ARL7L3 tables have entries in them, the situation sometimes 
arises where a particular user or station may change location from one port 

i 

to another port. In order to prevent transmission errors, therefore, SOC 10 
includes capabilities of identifying such movement, and updating the table 
10 entries appropriately. For example, if station A, located for example on port 
1 , seeks to communicate with station B, whose entries indicate that user B is 
located on port 26. If station B is then moved to a different port, for example, 
port 15, a destination lookup failure will occur and the packet will be sent to 
all ports. When the packet is received by station B at port 15, station B will 
15 send an acknowledge (ACK) message, which will be received by the ingress 
of the EPIC/GPIC module containing port 1 thereupon. A source lookup (of 
the acknowledge message) will yield a match on the source address, but the 
port information will not match. The EPIC/GPIC which receives the packet 
from B, therefore, must delete the old entry from the ARL/L3 table, and also 
20 send an ARL/L3 delete message onto the S channel so that all tables are 
synchronized. Then, the new source information, with the correct port, is 

inserted into the ARL/L3 table, and an ARL/L3 insert message is placed on 
the S channel, thereby synchronizing the ARL/L3 tables with the new 

information. The updated ARL insert message cannot be sent until all of the 
25 acknowledgement messages are sent regarding the ARL delete message, to 

ensure proper table synchronization. As stated previously, typical ARL 

insertion and deletion commands can only be initiated by the owner module. 

In the case of port movement, however, since port movement may be 

identified by any module sending a packet to a moved port, the port 
30 movement-related deletion and insertion messages can be initiated by any 

module. 

Trunking 
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During the configuration process wherein a local area network is 
configured by an administrator with a plurality of switches, etc., numerous 
ports can be "trunked" to increase bandwidth. For example, if traffic between 
a first switch SW1 and a second switch SW2 is anticipated as being high, the 
5 LAN can be configured such that a plurality of ports, for example ports 1 and 
2, can be connected together. In a 1 00 megabits per second environment, the 
trunking of two ports effectively provides an increased bandwidth of 200 
megabits per second between the two ports. The two ports 1 and 2, are 
therefore identified as a trunk group, and CPU 52 is used to properly 
10 configure the handling of the trunk group. Once a trunk group is identified, it 
is treated as a plurality of ports acting as one logical port. Figure 1 9 illustrates 
a configuration wherein SW1, containing a plurality of ports thereon, has a 
trunk group with ports 1 and 2 of SW2, with the trunk group being two 
communication lines connecting ports 1 and 2 of each of SW1 and SW2. 
15 This forms trunk group T. In this example, station A, connected to port 3 of 
SW1 , is seeking to communicate or send a packet to station B, located on 
port 26 of switch SW2. The packet must travel, therefore, through trunk group 
T from port 3 of SW1 to port 26 of SW2. It should be noted that the trunk 
group could include any of a number of ports between the switches. As traffic 
20 ~ flow increases between SW1 and SW2, trunk group T could be reconfigured 
by the administrator to include more ports, thereby effectively increasing 
bandwidth. In addition to providing increased bandwidth, trunking provides 
redundancy in the event of a failure of one of the links between the switches. 
Once the trunk group is created, a user programs SOC 10 through CPU 52 
25 to recognize the appropriate trunk group or trunk groups, with trunk group 
identification (TGID) information. A trunk group port bit map is prepared for 
each TGID; and a trunk group table, provided for each module on SOC 10, 
is used to implement the trunk group, which can also be called a port bundle. 
A trunk group bit map table is also provided. These two tables are provided 
30 on a per module basis, and, like tables 21, 22, and 23, are implemented in 
silicon as two-dimensional arrays. In one embodiment of SOC 10, six trunk 
groups can be supported, with each trunk group having up to eight trunk ports 
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thereupon. For communication, however, in order to prevent out-of-ordering 
of packets or frames, the same port must be used for packet flow. 
Identification of which port will be used for communication is based upon any 
of the following: source MAC address, destination MAC address, source IP 
5 address, destination IP address, or combinations of source and destination 
addresses. If source MAC is used, as an example, if station A on port 3 of 
SW1 is seeking to send a packet to station B on port 26 of SW2, then the last 
three bits of the source MAC address of station A, which are in the source 
address field of the packet, are used to generate a trunk port index. The trunk 
10 port index, which is then looked up on the trunk group table by the ingress 
submodule 14 of the particular port on the switch, in order to determine which 
port of the trunk group will be used for the communication. In other words, 
when a packet is sought to be sent from station A to station B, address 
resolution is conducted as set forth above. If the packet is to be handled 
15 through a trunk group, then a T bit will be set in the ARL entry which is 
matched by the destination address. If the T bit or trunk bit is set, then the 
destination address is learned from one of the trunk ports. The egress port, 
therefore, is not learned from the port number obtained in the ARL entry, but 
is instead learned from the trunk group ID and rules tag (RTAG) which is 
20 picked up from the ARL entry, and which can be used to identify the trunk port 
based upon the trunk port index contained in the trunk group table. The 
RTAG and TGID which are contained in the ARL entry therefore define which 
part of the packet is used to generate the trunk port index. For example, if the 
RTAG value is 1 , then the last three bits of the source MAC address are used 
25 to identify the trunk port index; using the trunk group table, the trunk port 
index can then be used to identify the appropriate trunk port for 
communication. If the RTAG value is 2, then it is the last three bits of the 
destination MAC address which are used to generate the trunk port index. If 
the RTAG is 3, then the last three bits of the source MAC address are 
30 XORED with the last three bits of the destination MAC address. The result of 
this operation is used to generate the trunk port index. For IP packets, 
additional RTAG values are used so that the source IP and destination IP 
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addresses are used for the trunk port index, rather than the MAC addresses. 

SOC 10 is configured such that if a trunk port goes down or fails for 
any reason, notification is sent through CMIC 40 to CPU 52. CPU 52 is then 
configured to automatically review the trunk group table, and VLAN tables to < 
5 make sure that the appropriate port bit maps are changed to reflect the fact 
that a port has gone down and is therefore removed. Similarly, when the 
trunk port or link is reestablished, the process has to be reversed and a 
message must be sent to CPU 52 so that the VLAN tables, trunk group tables, 
etc. can be updated to reflect the presence of the trunk port. 

1 0 Furthermore, it should be noted that since the trunk group is treated as 

a single logical link, the trunk group is configured to accept control frames or 
control packets, also known as BPDUs, only one of the trunk ports. The port 
based VLAN table, therefore, must be configured to reject incoming BPDUs 
of non-specified trunk ports. This rejection can be easily set by the setting of 

15 a B bit in the VLAN table. IEEE standard 802.1d defines an algorithm known 
as the spanning tree algorithm, for avoiding data loops in switches where 
trunk groups exist. Referring to Figure 19, a logical loop could exist between 
ports 1 and 2 and switches SW1 and SW2. The spanning algorithm tree 
defines four separate states, with these states including disabling, blocking, 

20 listening, learning, and forwarding. The port based VLAN table is configured 
to enable CPU 52 to program the ports for a specific ARL state, so that the 
ARL logic takes the appropriate action on the incoming packets. As noted 
previously, the B bit in the VLAN table provides the capability to reject BPDUs. 
The St bit in the ARL table enables the CPU to learn the static entries; as 

25 noted in Figure 18, static entries are not aged by the aging process. The hit 
bit in the ARL table, as mentioned previously, enables the ARL engine 143 to 
detect whether or not there was a hit on this entry. In other words, SOC 10 
utilizes a unique configuration of ARL tables, VLAN tables, modules, etc. in 
order to provide an efficient silicon based implementation of the spanning tree 

30 states. 

In certain situations, such as a destination lookup failure (DLF)where 
a packet is sent to all ports on a VLAN, or a multicast packet, the trunk group 
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bit map table is configured to pickup appropriate port information so that the 
packet is not sent back to the members of the same source trunk group. This 
prevents unnecessary traffic on the LAN, and maintains the efficiency at the 
trunk group. 
5 IP/IPX 

Referring again to Figure 14, each EPIC 20 or GPIC 30 can be 
configured to enable support of both IP and IPX protocol at linespeed. Th.s 
flexibility is provided without having any negative effect on system 
performance, and utilizes a table, implemented in silicon, which can be 
10 selected for IP protocol, IPX protocol, or a combination of IP protocol and IPX 
protocol. This capability is provided within logic circuitry 141 1 . and utilizes an 
IP long est prefix cache lookup (IP_LPC), and an IPX longest prefix cache 
lookup (IPX_LPC). During the layer 3 lookup, a number of concurrent 
searches are performed; an L3 fast lookup, and the IP longest prefix cache 
15 lookup, are concurrently performed if the packet is identified by the packet 
header as an IP packet. If the packet header identifies the packet as an IPX 
packet the L3 fast lookup and the IPX longest prefix cache lookup will be 
concurrently performed. It should be noted that ARL7L3tab.es 21/31 include 
an IP default router table which is utilized for an IP longest prefix cache 
20 lookup when the packet is identified as an IP packet, and also includes an IPX 
default router table which is utilized when the packet header identifies the 
packet as an IPX packet. Appropriate hexadecimal codes are used to 
determine the packet types. If the packet is identified as neither an IP packet 
nor an IPX packet, the packet is directed to CPU 52 via CPS channel 80 and 
CMIC 40 It should be noted that if the packet is identified as an IPX packet, 
it could be any one of four types of IPX packets. The four types are Ethernet 
802 3 Ethernet 802.2, Ethernet SNAP, and Ethernet II. 

The concurrent lookup of L3 and either IP or IPX are important to the 
performance of SOC 1 0. In one embodiment of SOC 1 0, the L3 table would 
30 include a portion which has IP address information, and another port.onwh.ch 
has IPX information, as the default routertab.es. These default router tables, 
as noted previously, are searched depending upon whether the packet ,s an 
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IP packet or an IPX packet. In order to more clearly illustrate the tables, the 
L3 table format for an L3 table within ARL/L3 tables 21 is as follows: 

IP or IPX Address - 32 bits long - IP or IPX Address - is a 32 bit IP or 
IPX Address* The Destination IP or IPX Address in a packet is used 
5 as a key in searching this table. 

Mac Address - 48 bits long - Mac Address is really the next Hop Mac 
Address. This Mac address is used as the Destination Mac Address 
in the forwarded IP Packet. ! 

Port Number - 6 bits long - Port Number - is the port number the 
10 packet has to go out if the Destination IP Address matches this entry's 

IP Address. 

L3 Interface Num - 5 bits long - L3 Interface Num - This L3 Interface 
Number is used to get the Router Mac Address from the L3 Interface 
Table. 

1 5 L3 Hit Bit - 1 bit long - L3 Hit bit - is used to check if there is hit on this 

Entry. The hit bit is set when the Source IP Address search matches 
this entry. The L3 Aging Process ages the entry if this bit is not set. 
Frame Type - 2 bits long - Frame Type indicates type of IPX Frame 
(802.2, Ethernet II, SNAP and 802.3) accepted by this IPX Node. 

20 Value 00 - Ethernet II Frame. Value 01 - SNAP Frame. Value 02 - 

802.2 Frame. Value 03 - 802.3 Frame. 
Reserved - 4 bits long - Reserved for future use. 
The fields of the default IP router table are as follows: 

IP Subnet Address - 32 bits long - IP Subnet Address - is a 32 bit IP 

25 Address of the Subnet. 

Mac Address - 48 bits long - Mac Address is really the next Hop Mac 
Address and in this case is the Mac Address of the default Router. 
Port Number - 6 bits long - Port Number is the port number forwarded 
packet has to go out. 

30 L3 Interface Num - 5 bits long - L3 Interface Num is L3 Interface 

Number. 
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IP Subnet Bits -5 bits long - IP Subnet Bits is total number of Subnet 
Bits in the Subnet Mask. These bits are ANDED with Destination IP 
Address before comparing with Subnet Address. 
C Bit - 1 bit long - C Bit - If this bit is set then send the packet to CPU 
also. 

The fields of the default IPX router table within ARUL3 tables 21 are as 
follows: 

IPX Subnet Address - 32 bits long - IPX Subnet Address is a 32 bit 
IPX Address of the Subnet. 

Mac Address - 48 bits long - Mac Address is really the next Hop Mac 
Address and in this case is the Mac Address of the default Router. 
Port Number - 6 bits long - Port Number is the port number forwarded 
packet has to go out. 

L3 Interface Num - 5 bits long - L3 Interface Num is L3 Interface 

15 Number. 

IPX Subnet Bits - 5 bits long - IPX Subnet Bits is total number of 
Subnet Bits in the Subnet Mask. These bits are ANDED with 
Destination IPX Address before comparing with Subnet Address. 
C Bit - 1 bit long - C Bit - If this bit is set then send the packet to CPU 

20 a ,so - 

|f a match is not found in the L3 table for the destination IP address, 

longest prefix match in the default IP router fails, then the packet is given to 
the CPU. Similarly, if a match is not found on the L3 table for a destinat.on 
IPX address, and the longest prefix match in the default IPX router fails, then 
25 the packet is given to the CPU. The lookups are done in parallel, but rf the 
destination IP or IPX address is found in the L3 table, then the results of the 
default router table lookup are abandoned. 

The longest prefix cache lookup, whether it be for IP or IPX, includes 
repetitive matching attempts of bits of the IP subnet address. The longest 
30 prefix match consists of ANDing the destination IP address with the number 
of IP or IPX subnet bits and comparing the result with the IP subnet address. 
Once a longest prefix match is found, as long as the TTL is not equal to one. 



WO 01/08360 




PCT/US00/16339 



then appropriate IP check sums are recalculated, the destination MAC 
address is replaced with the next hop MAC address, and the source MAC 
address is replaced with the router MAC address of the interface. The VLAN 
ID is obtained from the L3 interface table, and the packet is then sent as 
5 either tagged or untagged, as appropriate. If the C bit is set, a copy of the 
packet is sent to the CPU as may be necessary for learning or other CPU- 
related functions. 

It should be noted, therefore, that if a packet arrives destined to a MAC 
address associated with a level 3 interface for a selected VLAN, the ingress 

10 looks for a match at an IP/IPX destination subnet level, if there is no IP/IPX 
destination subnet match, the packet is forwarded to CPU 52 for appropriate 
routing. However, if an IP/IPX match is made, then the MAC address of the 
next hop and the egress port number is identified and the packet is 
appropriately forwarded. 

15 In other words, the ingress of the EPIC 20 or GPIC 30 is configured 

with respect to ARL/L3 tables 21 so that when a packet enters ingress 
submodule 14, the ingress can identify whether or not the packet is an IP 
packet or an IPX packet. IP packets are directed to an IP/ARL lookup, and 
IPX configured packets are directed to an IPX/ARL lookup. If an L3 match is 

20 found during the L3 lookup, then the longest prefix match lookups are 
abandoned. 
HOL Blocking 

SOC 10 incorporates some unique data flow characteristics, in order 
maximize efficiency and switching speed. In network communications, a 

25 concept known as head-of-line or HOL blocking occurs when a port is 
attempting to send a packet to a congested port, and immediately behind that 
packet is another packet which is intended to be sent to an un-congested port. 
The congestion at the destination port of the first packet would result in delay 
of the transfer of the second packet to the un-congested port. Each EPIC 20 

30 and GPIC 30 within SOC 10 includes a unique HOL blocking mechanism in 
order to maximize throughput and minimize the negative effects that a single 
congested port would have on traffic going to un-congested ports. For 
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example, if a port on a GPIC 30, with a data rate of, for example, 1000 
megabits per second is attempting to send data to another port 24a on EPIC 
20a port 24a would immediately be congested. Each port on each GPIC 30 
and EPIC 20 is programmed by CPU 52 to have a high watermark and a low 
watermark per port per class of service (COS), with respect to buffer space 
within CBP 50. The fact that the head of line blocking mechanism enables 
per port per COS head of line blocking prevention enables a more efficient 
data flow than that which is known in the art. When the output queue Tor a 
particular port hits the preprogrammed high watermark within the allocated 
buffer in CBP 50, PMMU 70 sends, on S channel 83, a COS queue status 
notification to the appropriate ingress module of the appropriate GPIC 30 or 
EPIC 20. When the message is received, the active port register 
corresponding to the COS indicated in the message is updated. If the port b.t 
for that particular port is set to zero, then the ingress is configured to drop all 
packets going to that port. Although the dropped packets will have a negative 
effect on communication to the congested port, the dropping of the packets 
destined for congested ports enables packets going to un-congested ports to 
be expeditiously forwarded thereto. When the output queue goes below the 
preprogrammed low watermark. PMMU 70 sends a COS queue status 
notification message on the sideband channel with the bit set for the port. 
When the ingress gets this message, the bit corresponding to the port ,n the 
active port register for the module can send the packet to the appropriate 
output queue. By waiting until the output queue goes below the low 
watermark before re-activating the port, a hysteresis is built into the system 
" to prevent constant activation and deactivation of the port based upon the 
forwarding of only one packet, or a small number of packets. It should be 
noted that every module has an active port register. As an example, each 
COS per port may have four registers for storing the high watermark and the 
,ow watermark; these registers can store data in terms of number of cells on 
the output queue, or in terms of number of packets on the output queue. In 
the case of a unicast message, the packet is merely dropped; in the case of 
multicast or broadcast messages, the message is dropped with respect to 
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congested ports, but forwarded to uncongested ports. PMMU 70 includes all 
logic required to implement this mechanism to prevent HOL blocking, with 
respect to budgeting of cells and packets. PMMU 70 includes an HOL 
blocking marker register to implementthe mechanism based upon cells. If the 
5 local cell count plus the global cell count for a particular egress port exceeds 
the HOL blocking marker register value, then PMMU 70 sends the HOL status 
notification message. PMMU 70 can also implement an early HOL 
notification, through the use of a bit in the PMMU configuration register which 
is referred to as a Use Advanced Warning Bit. If this bit is set, the PMMU 70 
10 sends the HOL notification message if the local cell count plus the global cell 
count plus 121 is greater than the value in the HOL blocking marker register. 
121 is the number of cells in a jumbo frame. 

With respect to the hysteresis discussed above, it should be noted that 
PMMU 70 implements both a spatial and a temporal hysteresis. When the 
15 local cell count plus global cell count value goes below the value in the HOL 
blocking marker register, then a poaching timer value from a PMMU 
configuration register is used to load into a counter. The counter is 
decremented every 32 clock cycles. When the counter reaches 0, PMMU 70 
sends the HOL status message with the new port bit map. The bit 
20 corresponding to the egress port is reset to 0, to indicate that there is no more 
HOL blocking on the egress port. In order to carry on HOL blocking 
prevention based upon packets, a skid mark value is defined in the PMMU 
configuration register. If the number of transaction queue entries plus the skid 
mark value is greater than the maximum transaction queue size per COS, 
25 then PMMU 70 sends the COS queue status message on the S channel. 
Once the ingress port receives this message, the ingress port will stop 
sending packets for this particular port and COS combination. Depending 
upon the configuration and the packet length received for the egress port, 
either the head of line blocking for the cell high watermark or the head of line 
30 blocking for the packet high watermark may be reached first. This 
configuration, therefore, works to prevent either a small series of very large 
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packets or a large series of very small packets from creating HOL blocking 
problems. 

The low watermark discussed previously with respect to CBP 
admission logic is for the purpose of ensuring that independent of traffic 

5 conditions, each port will have appropriate buffer space allocated in the CBP 
to prevent port starvation, and ensure that each port will be able to 
communicate with every other port to the extent that the network can support 
such communication. 

Referring again to PMMU 70 illustrated in Figure 10, CBM 71 is 

10 configured to maximize availability of address pointers associated with 
incoming packets from a free address pool. CBM 71, as noted previously, 
stores the first cell pointer until incoming packet . 112 is received and 
assembled either in CBP 50, or GBP 60. If the purge flag of the 
corresponding P channel message is set, CBM 71 purges the incoming data 

1 5 packet 112, and therefore makes the address pointers GPID/CPID associated 
with the incoming packet to be available. When the purge flag is set, 
therefore, CBM 71 essentially flushes or purges the packet from processing 
of SOC 10, thereby preventing subsequent communication with the 
associated egress manager 76 associated with the purged packet. CBM 71 

20 is also configured to communicate with egress managers 76 to delete aged 
and congested packets. Aged and congested packets are directed to CBM 
71 based upon the associated starting address pointer, and the reclaim unit 
within CBM 71 frees the pointers associated with the packets to be deleted; 
this is, essentially, accomplished by modifying the free address pool to reflect 

25 this change. The memory budget value is updated by decrementing the 
current value of the associated memory by the number of data cells which are 
purged. 

To summarize, resolved packets are placed on C channel 81 by 
ingress submodule 14 as discussed with respect to Figure 8. CBM 71 
30 interfaces with the CPS channel, and every time there is a cell/packet 
addressed to an egress port, CBM 71 assigns cell pointers, and manages the 
linked fist. A plurality of concurrent reassembly engines are provided, with 
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one reassembly engine for each egress manager 76, and tracks the frame 
status. Once a plurality of cells representing a packet is fully written into CBP 
50, CBM 71 sends out CPIDs to the respective egress managers, as 
discussed above. The CPIDs point to the first cell of the packet in the CBP; 
5 packet flow is then controlled by egress managers 76 to transaction MACs 
140 once the CPID/GPID assignment is completed by CBM 71 . The budget 
register (not shown) of the respective ecjress manager 76 is appropriately 
decremented by the number of cells associated with the egress, after the 
complete packet is written into the CBP 50. EGM 76 writes the appropriate 

10 PIDs into its transaction FIFO. Since there are multiple classes of service 
(COSs), then the egress manager 76 writes the PIDs into the selected 
transaction FIFO corresponding to the selected COS. As will bediscussed 
below with respect to Figure 13, each egress manager 76 has its own 
scheduler interfacing to the transaction pool or transaction FIFO on one side, 

15 and the packet pool or packet FIFO on the other side. The transaction FIFO 
includes all PIDs, and the packet pool or packet FIFO includes only CPIDs. 
The packet FIFO interfaces to the transaction FIFO, and initiates transmission 
based upon requests from the transmission MAC. Once transmission is 
started, data is read from CBP 50 one cell at a time, based upon transaction 

20 FIFO requests. 

As noted previously, there is one egress manager for each port of 
every EPIC 20 and GPIC 30, and is associated with egress sub-module 18. 
Figure 1 3 illustrates a block diagram of an egress manager 76 communicating 
with R channel 77. For each data packet 112 received by an ingress 

25 submodule 14 of an EPIC 20 of SOC 10, CBM 71 assigns a Pointer 
Identification (PID); if the packet 112 is admitted to CBP 50, the CBM 71 
assigns a CPID, and if the packet 112 is admitted to GBP 60, the CBM 71 
assigns a GPID number. At this time, CBM 71 notifies the corresponding 
egress manager 76 which will handle the packet 112, and passes the PID to 

30 the corresponding egress manager 76 through R channel 77. In the case of 
a unicast packet, only one egress manager 76 would receive the PID. 
However, if the incoming packet were a multicast or broadcast packet, each 
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egress manager 76 to which the packet is directed will receive the PID. For 
this reason, a multicast or broadcast packet needs only to be stored once in 
the appropriate memory, be it either CBP 50 or GBP 60. 

Each egress manager 76 includes an R channel interface unit (RCIF) 
5 131. a transaction FIFO 132, a COS manager 133, a scheduler 134, an 
accelerated packet flush unit (APF) 135, a memory read unit (MRU) 136, a 
time stamp check unit (TCU) 137, and an untag unit 138. MRU 136 
communicates with CMC 79, which is connected to CBP 50. Scheduler 134 
is connected to a packet FIF0 139. RCIF 131 handles all messages between 
10 CBM71 and egress manager 76. When a packet 112 is received and stored 
in SOC 10. CBM 71 passes the packet information to RCIF 131 of the 
associated egress manager 76. The packet information will include an 
indication of whether Or not the packet is stored in CBP 50 or GBP 70, the 
size of the packet, and the PID. RCIF 131 then passes the received packet 
15 information to transaction FIFO 132. Transaction FIFO 132 is a fixed depth 
FIFO with eight COS priority queues, and is arranged as a matrix with a 
number of rows and columns. Each column of transaction FIFO 132 
represents a class of service (COS), and the total number of rows equals the 
number of transactions allowed for any one class of service. COS manager 
20 1 33 works in conjunction with scheduler 1 34 in order to provide policy based 
quality of service (QOS), based upon ethernet standards. As data packets 
arrive in one or more of the COS priority queues of transaction FIFO 132, 
scheduler 134 directs a selected packet pointer from one of the priority 
queues to the packet FIFO 139. The selection of the packet pointer is based 
25 upon a queue scheduling algorithm, which is programmed by a user through 
CPU 52. within COS manager 133. An example of a COS issue is video, 
which requires greater bandwidth than text documents. A data packet 1 12 of 
video information may therefore be passed to packet FIFO 139 ahead of a 
packet associated with a text document. The COS manager 133 would 
30 therefore direct scheduler 1 34 to select the packet pointer associated w.th the 
packet of video data. 
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The COS manager 133 can also be programmed using a strict priority 
based scheduling method, or a weighted priority based scheduling method of 
selecting the next packet pointer in transaction FIFO 132. Utilizing a strict 
priority based scheduling method, each of the eight COS priority queues are 
5 provided with a priority with respect to each other COS queue. Any packets 
residing in the highest priority COS queue are extracted from transaction FIFO 
132 for transmission. On the other hand, utilizing a weighted priority based 
scheduling scheme, each COS priority queue is provided with a 
programmable bandwidth. After assigning the queue priority of each COS 

10 queue, each COS priority queue is given a minimum and a maximum 
bandwidth. The minimum and maximum bandwidth values are user 
programmable. Once the higher priority queues achieve their minimum 
bandwidth value, COS manager 133 allocates any remaining bandwidth 
based upon any occurrence of exceeding the maximum bandwidth for any 

1 5 one priority queue. This configuration guarantees that a maximum bandwidth 
will be achieved by the high priority queues, while the lower priority queues 
are provided with a lower bandwidth. 

The programmable nature of the COS manager enables the scheduling 
algorithm to be modified based upon a user's specific needs. For example, 

20 COS manager 1 33 can consider a maximum packet delay value which must 
be met by a transaction FIFO queue. In other words, COS manager 133 can 
require that a packet 112 is not delayed in transmission by the maximum 
packet delay value; this ensures that the data flow of high speed data such 
as audio, video, and other real time data is continuously and smoothly 

25 transmitted. 

If the requested packet is located in CBP 50, the CPID is passed from 
transaction FIFO 132 to packet FIFO 139. If the requested packet is located 
in GBP 60, the scheduler initiates a fetch of the packet from GBP 60 to CBP 
50; packet FIFO 139 only utilizes valid CPID information, and does not utilize 

30 GPID information. The packet FIFO 139 only communicates with the CBP 
and not the GBP. When the egress seeks to retrieve a packet, the packet can 
only be retrieved from the CBP; for this reason, if the requested packet is 
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located in the GBP 50, the scheduler fetches the packet so that the egress 
can properly retrieve the packet from the CBP. 

APF 135 monitors the status of packet FIFO 139. After packet FIFO 
139 is full for a specified time period, APF 135 flushes out the packet FIFO. 
5 The CBM reclaim unit is provided with the packet pointers stored in packet 
FIFO 139 by APF 135, and the reclaim unit is instructed by APF 135 to 
release the packet pointers as part of the free address pool. APF 135 also 
disables the ingress port 21 associated with the egress manager 76. 

While packet FIFO 139 receives the packet pointers from scheduler 

10 1 34, MRU 1 36 extracts the packet pointers for dispatch to the proper egress 
port. After MRU 1 36 receives the packet pointer, it passes the packet pointer 
information to CMC 79, which retrieves each data cell from CBP 50. MRU 
136 passes the first data cell 112a, incorporating cell header information, to 
TCU 137 and untag unit 138. TCU 137 determines whether the packet has 

15 aged by comparing the time stamps stored within data cell 112a and the 
current time. If the storage time is greater than a programmable discard time, 
then packet 112 is discarded as an aged packet. Additionally, if there is a 
pending request to untag the data cell 1 12a, untag unit 138 will remove the 
tag header prior to dispatching the packet. Tag headers are defined in IEEE 

20 Standard 802.1q. 

Egress manager 76, through MRU 136, interfaces with transmission 
FIFO 140, which is a transmission FIFO for an appropriate media access 
controller (MAC); media access controllers are known in the ethernet art. 
MRU 136 prefetches the data packet 112 from the appropriate memory, and 

25 sends the packet to transmission FIFO 140, flagging the beginning and the 
ending of the packet. If necessary, transmission FIFO 140 will pad the packet 
so that the packet is 64 bytes in length. 

As shown in Figure 9, packet 1 1 2 is sliced or segmented into a plurality 
of 64 byte data cells for handling within SOC 10. The segmentation of 

30 packets into cells simplifies handling thereof, and improves granularity, as well 
as making it simpler to adapt SOC 10 to cell-based protocols such as ATM. 
However, before the cells are transmitted out of SOC TO, they must be 
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reassembled into packet format for proper communication in accordance with 
the appropriate communication protocol. A cell reassembly engine (not 
shown) is incorporated within each egress of SOC 10 to reassemble the 
sliced cells 112a and 112b into an appropriately processed and massaged 



Figure 16 is a block diagram showing some of the elements of CPU 
interface or CMIC 40. In a preferred embodiment, CMIC 40 provides a 32 bit 
66 MHz PCI interface, as well as an I2C interface between SOC 10 and 
external CPU 52. PCI communication is controlled by PCI core 41 , and I2C 

10 communication is performed by I2C core 42, through CMIC bus 167. As 
shown in the figure, many CMIC 40 elements communicate with each other 
through CMIC bus 167. The PCI interface is typically used for configuration 
and programming of SOC 10 elements such as rules tables, filter masks, 
packet handling, etc., as well as moving data to and from the CPU or other 

1 5 PCI uplink. The PCI interface is suitable for high end systems wherein CPU 
52 is a powerful CPU and running a sufficient protocol stack as required to 
support layer two and layer three switching functions. The I2C interface is 
suitable for low end systems, where CPU 52 is primarily used for initialization. 
Low end systems would seldom change the configuration of SOC 1 0 after the 

20 switch is up and running. 

CPU 52 is treated by SOC 10 as any other port. Therefore, CMIC 40 
must provide necessary port functions much like other port functions defined 
above. CMIC 40 supports all S channel commands and messages, thereby 
enabling CPU 52 to access the entire packet memory and register set; this 

25 also enables CPU 52 to issue insert and delete entries into ARL/L3 tables, 
issue initialize CFAP/SFAP commands, read/write memory commands and 
ACKs, read/write register command and ACKs, etc. Internal to SOC 10, 
CMIC 40 interfaces to C channel 81, P channel 82, and S channel 83, and is 
capable of acting as an S channel master as well as S channel slave. To this 

30 end, CPU 52 must read or write 32-bit D words. For ARL table insertion and 
deletion, CMIC 40 supports buffering of four insert/delete messages which 
can be polled or interrupt driven. ARL messages can also be placed directly 
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into CPU memory through a DMA access using an ARL DMA controller 161 . 
DMA controller 1 61 can interrupt CPU 52 after transfer of any ARL message, 
or when all the requested ARL packets have been placed into CPU memory. 

' Communication between CMIC 40 and C channel 81/P channel82 is 
performed through the use of CP-channel buffers 162 for buffering C and P 
channel messages, and CP bus interface 163. S channel ARL message 
buffers 164 and S channel bus interface 165 enable communication with S 
channel 83. As noted previously, PIO (Programmed Input/Output) registers 
are used, as illustrated by SCH PIO registers 166 and PIO registers 168, to 
access the S channel, as well as to program other control, status, address, 
and data registers. PIO registers 168 communicate with CMIC bus 167 
through I2C slave interface 42a and I2C master interface 42b. DMA controller 
161 enables chaining, in memory, thereby allowing CPU 52 to transfer 
multiple packets of data without continuous CPU intervention. Each DMA 
channel can therefore be programmed to perform a read or write DMA 
operation. Specific descriptor formats may be selected as appropriate to 
execute a desired DMA function according to application rules. For receiving 
cells from PMMU 70 for transfer to memory, if appropriate, CMIC 40 acts as 
an egress port, and follows egress protocol as discussed previously. For 
20 transferring cells to PMMU 70. CMIC 40 acts as an ingress port, and follows 
ingress protocol as discussed previously. CMIC 40 checks for active ports, 
COS queue availability and other ingress functions, as well as supporting the 
HOL blocking mechanism discussed above. CMIC 40 supports single and 
burst PIO operations; however, burst should be limited to S channel buffers 
and ARL insert/delete message buffers. Referring once again to I2C slave 
interface 42a, the CMIC 40 is configured to have an I2C slave address so that 
an external I2C master can access registers of CMIC 40. CMIC 40 can 
inversely operate as an I2C master, and therefore, access other I2C slaves. 
It should be noted that CMIC 40 can also support MUM through MUM interface 
30 169. MUM support is defined by IEEE Standard 802.3u. and will not be 
further discussed herein. Similarly, other operational aspects of CMIC 40 are 
outside of the scope of this invention. 
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A unique and advantageous aspect of SOC 10 is the ability of doing 
concurrent lookups with respect to layer two (ARL), layer three, and filtering. 
When an incoming packet comes in to an ingress submodule 14 of either an 
EPIC 20 or a GPIC 30, as discussed previously, the module is capable of 
5 concurrently performing an address lookup to determine if the destination 
address is within a same VLAN as a source address; if the VLAN IDs are the 
same, layer 2 or ARL lookup should be sufficient to properly switch the packet 
in a store and forward configuration. If the VLAN IDs are different, then layer 
three switching must occur based upon appropriate identification of the 

10 destination address, and switching to an appropriate port to get to the VLAN 
of the destination address. Layer three switching, therefore, must be 
performed in order to cross VLAN boundaries. Once SOC 1 0 determines that 
L3 switching is necessary, SOC 10 identifies the MAC address of a 
destination router, based upon the L3 lookup. L3 lookup is determined based 

15 upon a reading in the beginning portion of the packet of whether or not the L3 
bit is set. If the L3 bit is set, then L3 lookup will be necessary in order to 
identify appropriate routing instructions. If the lookup is unsuccessful, a 
request is sent to CPU 52 and CPU 52 takes appropriate steps to identify 
appropriate routing for the packet. Once the CPU has obtained the 

20 appropriate routing information, the information is stored in the L3 lookup 
table, and for the next packet, the lookup will be successful and the packet will 
be switched in the store and forward configuration. 

Thus, the present invention comprises a method for allocating memory 
locations of a network switch. The network switch has internal (on-chip) 

25 memory and an external (off-chip) memory. Memory locations are allocated 
between the internal memory and the external memory according to a pre- 
defined algorithm. 

The pre-defined algorithm allocates memory locations between the 
internal memory and the external memory based upon the amount of internal 

30 memory available for the egress port of the network switch from which the 
data packet is to be transmitted by the network switch. When the internal 
memory available for the egress port from which the data packet is to be 
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transmitted is above a predetermined threshold, then the data packet is 
stored in the internal memory. Wshen the internal memory available for the 
egress port from which the data packet is to be transmitted is below the 
predetermined threshold value, then the data packet is stored in the external 
5 memory. 

Thus, this distributed hierarchical shared memory architecture defines 
a self-balancing mechanism. That is, for egress ports having few data 
packets in their egress queues, the incoming data packets which are to be 
switched to these egress ports are sent to the internal memory, whereas for 
1 o egress ports having many data packets in their egress queues, the incoming 
data packets which are to be switched to these egress ports are stored in the 
external memory. 

Preferably, any data packets which are stored in external memory are 
subsequently re-routed back to the internal memory before being provided to 

15 an egress port for transmission from the network switch. 

Thus, according to the present invention, the transmission line rate is 
maintained on each egress port even though the architecture utilizes slower 
speed DRAMs for at least a portion of packet storage. Preferably, this 
distributed hierarchical shared memory architecture uses SRAM as a packet 

20 memory cache or internal memory and uses standard DRAMs or SDRAMs as 
an external memory, so as to provide a desired cost-benefit ratio. 
Unified Tables 

In general, the ARL is an important component in SOC 10. For an L2 
switch as noted above, the main function of the ARL is to identify the 

25 destination port(s). depending upon the MAC address. For an L3 switch, the 
ARL not only identifies the destination port, but also modifies the IP and MAC 
headers of the packet in accordance with the forwarding rules of IP routing. 
As such an L2 switch generally utilizes a MAC address table to look for the 
destination and source MAC addresses along with the VLAN ID. Following 

30 this configuration, an L3 switch generally utilizes an IP Routeer table to find 
the longest prefix match from the destination IP address. L4 switches 
generally include an additional table, an L4 lookup table, that utilizes a socket 
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number, which is defined as, for example, IP address + TCP + UDP port 
number, for a lookup and to make packet forwarding decisions based upon 
the L4 information within the L4 lookup table. Furthermore, for the switches 
that support packet classification based upon certain protocol headers, 
5 filtering logic is generally implemented in a filtering component of ARL. This 
filtering component generally utilizes an additional filtering table in order to 
classify packets for possible filtering action. This general configuration for 
ARL and filtering logic is shown in Figure 20. Although the configuration 
shown ih Figure 20 simplifies the logic necessary to access the respective 
10 tables, it also operates to increase the memory overhead of the chip, while 
decreasing the memory usage efficiency as a result of identical entries being 
stored in multiple tables within a single chip. 

Therefore, in view of these deficiencies, the present invention provides 
another configuration wherein a single unified table 1 00 is utilized to store L2, 
15 L3, and L4 information, along with filtering values, which is shown in Figure 
21. As such, a network switch is provided wherein the quantity of available 
table space for any of the L2, L3, L4, and/or filtering values is not limited by 
the size of the individual tables within the switch. Rather, if an L2 table is 
sized to be 1k in one of the previous embodiments, for example, and effective 
20 switch operation for a particular user application requires 2k, then the present 
embodiment can simply utilize 2k of table space within the single unified table 
100. In operation, the present exemplary embodiment allocates a 
predetermined amount of space within unified table 100 for each of L2, L3, 
L4, and filtering information in accordance with user preferences. However, 
25 these predetermined amounts of space are also variable in accordance with 
user preference during operation, through for example, CPU inputs. As such, 
a network switch having substantially greater flexibility in application, greater 
efficiency in memory usage, simplified programming logic, and lower 
overhead memory requirements is provided. Furthermore, in view of the use 
30 of a single unified table, the need for on chip table synchronization is 
eliminated, which also serves to simplify the chip logic and spatial overhead 
requirements. 
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In the present exemplary embodiment, a single unified table 100 is 
used to store L2, L3, and L4 switching and filtering fields and actions. The 
unified table format, which is shown in Figure 22, includes opcodes, search 
keys, and the field/action entries stored in the multiple tables of the previous 
5 embodiments. Each individual opcode, which is defined as a 3 bit entry in the 
present exemplary embodiment, indicates the type of table entry stored at that 
particular location. For example, an opcode of "000" indicates that the 
corresponding entry is an L2 entry in the present embodiment. Further, 
opcodes of "001, ""010," and "011" indicate that the corresponding entry is an 
10 L3, L4, or filtering related entry, respectively. The search key field, which is 
variable in width, is similar to the search key fields discussed in the previous 
embodiments. The field/action entries are representative of MAC addresses 
for L2 lookups, IP addresses for L3 lookups, socket numbers for L4 lookups, 
and IP, TCP, and UDP protocol fields for filtering lookups. Thus, the opcode 
15 in unified table 100 is used to identify all of the fields that need to be used for 
lookup, along with identifying all of the fields from unified table 100 that need 
to be sent to the ARL logic upon completion of a successful lookup. These 
various table entries are generally programmed by the CPU software, upon 
initialization or during run time, for example, or by the ARL logic itself through, 
20 for example, the aforementioned learning process. 

In view of the various forms of field and action information contained 
within unified table 100, the logic used to conduct searches within unified 
table 1 00 is modified from that of the previous embodiments in order to seek 
or parse the requested information from unified table 100. In particular, 
25 although the ingress logic continues to construct search requests, as 
discussed in the previous embodiments, when the ingress search request is 
completed, it is then sent to a secondary level of table logic for further action. 
This secondary level of table logic operates to decode the search request 
created by the ingress logic, and thereafter, generate a unified table search 
30 request suitable for searching the multiple data entries/formats within unified 
table 100. The search request generated by the secondary level of table 
logic, which is shown in Figure 24, includes an opcode and fields specific to 
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whether the search request is an L2, L3, L4, or filtering request. Therefore, 
for example, if the search request were an L2 request, corresponding to 
opcode 000, then the fields specific to the L2 request would be the MAC 
address + the VLAN ID, Alternatively, for example, if the search request were 
5 an L3 request, corresponding to opcode 001 , then the fields specific to the L3 
< request would be either the source IP address or the destination IP address. 
^ Further, for example, for L4 related requests having an opcode of 010, the 
fields would be IP address + UDP or TCP port number. Finally, for filtering 
requests, for example, which correspond to opcode 01 1, the fields could be 
10 any combination of IP, TCP, or UDP information. 

In addition to the reformatting of the search request for unified table 
1 00, the response format from unified table 1 00 is also modified from previous 
embodiments. In particular, in view of the multiple types of information 
contained within the data/action field of unified table 1 00, the search response 
15 also includes an opcode to designate what type of information is contained 
within the search response. This opcode corresponds to the opcode used in 
the search request. Furthermore, the search response also includes a bit to 
indicate whether or not the search request was successful, that is, whether or 
not the entry sought by the search request was found within unified table 100. 
20 This bit, which is designated as the F bit, is shown in the response format 
illustrated in Figure 27. As noted above in the request format, opcodes of 
000, 001 , and 010 correspond to an L2, L3, and L4 search, respectively. The 
F bit, which indicates whether or not the desired entry was found or not, is set 
to 0 if the desired entry was found, and alternatively, set to 1 if the desired 
25 entry was not found in unified table 100. 

A general flowchart of an exemplary ingress logic is shown in Figure 
25. At step 25-1 the ingress logic begins receiving a packet, and waits for a 
sufficient amount of the packet header to be received so that the relevant 
protocol fields needed for address resolution can be parsed from the packet 
30 header. Upon receiving the packet header, the ingress logic continues to 
formulate the appropriate L2, L3, and L4 search requests at step 25-2. These 
search requests, for example, could include 2 L2 search requests, wherein 
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one search request is based upon the destination MAC address and one 
search request is based upon the source MAC address. The intent of the 
destination search request, as noted above, is to obtain the port number, the 
priority queue value, and/or any other information related to L2 switching, 
5 while the intent of a source search may be to learn the source MAC address, 
if that address is not known or found in the address table. At step 25-3 the 
ingress logic sends a search request, or requests, if more than one search is 
required, to the table logic. At step 25-4 the logic waits for a response to the 
search requests sent at step 25-3. Upon receiving a response to the search 

10 requests, the logic continues to step 25-5, wherein the ARL logic discussed 
above is executed to determine the port bitmap. Thereafter, the logic 
formulates and sends any necessary filtering requests at step 25-6. Upon 
waiting for and receiving a response to the filtering requests at step 25-7, the 
logic continues to step 25-8, wherein the final port bitmap is constructed in 

1 5 accordance with the ARL and filtering results, as discussed with regard to the 
previous embodiments. Thereafter, the logic continues to step 25-9, wherein 
the mirroring logic discussed with regard to previous embodiments is 
executed. Upon completion of the mirroring logic, the logic is completed at 
step 25-10. 

20 However, as noted above, when the ingress logic sends search 

requests, as shown in step 25-2 and 25-6 of the ingress logic, these search 
requests are not directly sent to the tables, as in the previous embodiments. 
Alternatively, in view of the multiple types of data stored in unified table100, 
the search requests generated by the ingress logic must be modified in order 

25 to effectively search for the appropriate data within unified table 100. 
Therefore, the search requests sent by the ingress logic at steps 25-2 and 25- 
6 are received by the secondary level of table logic for modification prior to 
being sent into unified table 100. An example of the secondary level of table 
logic is shown in Figure 26. At step 26-1the search requests from the ingress 

30 logic are received by the table logic. Thereafter, at step 26-2, the table logic 
determines the appropriate opcode for each individual search request, and 
constructs the key for searching unified table 100. The key in this example 
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is defined as the appropriate opcode for the particular ingress search request 
+ the search key from the ingress search request, which is discussed with 
respect to previous embodiments. At step 26-3 the modified search request 
is sent into unified tale 100, and it is determined if the entry is found. If the 
5 entry is found, then the logic continues to step 26-4, wherein the F bit is set 
to 0, and the field/action bits corresponding to the search key in the unified 
table are picked up. These field/action bits are combined with the appropriate 
opcode and the F bit to form the search response at step 26-5. This 
response, which could be an L2, L3, L4, or filtering response, is sent back to 
10 the ingress logic shown in Figure 25 and received at either step 25-4 or 25-7, 
depending upon if the response is filtering related. Returning to step 26-3, if 
the search request does not locate a corresponding entry in unified table 1 00, 
then the logic continues to step 26-6. At this step, the F bit is set to 1, 
designating that the search request was unsuccessful, and a response is 
15 constructed using the appropriate opcode in conjunction with invalid data for 
the field/action portion of the response. Thereafter, the logic continues 
through step 26-5 and sends the response to the ingress logic. Upon 
receiving the response having the F bit set to 1, the logic is programmed to 
discard the invalid field/action bits appended to the response and either learn 
20 the information in accordance with previously discussed learning procedures 
or pick up an alternate value from another source in accordance with 
predetermined procedures. 

Furthermore, as noted above, several search requests may be sent to 
the table logic at one time, which operates to increase the efficiency of the 
25 logic. Additionally, for example, as shown in Figure 28, L2, L3, L4, and 
filtering requests and responses may be packed together, and therefore, 
resolved in a single search request. As such, when the ingress logic receives 
responses to the searches from the table logic, the ingress logic then has all 
of the information necessary for packet switching. 
30 As a result of the present embodiment, a network switch is provided 

wherein the use of multiple tables to store L2, L3, L4, and filtering action 
information is eliminated. The present embodiment utilizes a single unified 
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table to store ail address resolution information, as well as all filtering action 
information. Thus, the spatial and overhead requirements of having multiple 
tables are essentially eliminated. Furthermore, in view of the use of a single 
unified table 100 to store all address resolution and filtering information, great 
5 flexibility of design is acquired, as a single SOC 10 can be configured to 
handle multiple sizes of L2, L3, L4, and filtering tables. Additionally, the 
present embodiment also includes the capability to re-define the sizes of the 
respective portions of the unified table during operation, if needed. 

The above-discussed configuration of the invention is, in a preferred 
0 embodiment, embodied on a semiconductor substrate, such as silicon, with 
appropriate semiconductor manufacturing techniques and based upon a 
circuit layout which would, based upon the embodiments discussed above, be 
apparent to those skilled in the art. A person of skill in the art with respect to 
semiconductor design and manufacturing would be able to implement the 
5 various modules, interfaces, and tables, buffers, etc. of the present invention 
onto a single semiconductor substrate, based upon the architectural 
description discussed above. It would also be within the scope of the 
invention to implement the disclosed elements of the invention in discrete 
electronic components, thereby taking advantage of the functional aspects of 
20 the invention while maximizing the advantages through the use of a single 
semiconductor substrate. 

Furthermore, although the present invention has been described based 
upon the aforementioned embodiments, it would be apparent to those of 
skilled in the art that certain modifications, variations, and alternative 
25 constructions would be apparent, while remaining within the spirit and scope 
of the invention. In order to determine the metes and bounds of the invention, 
therefore, reference should be made to the appended claims. 
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CLAIMS: 

1 . A network switch for network communications, said network switch 
comprising: 

at least one data port interface supporting a plurality of data ports 
transmitting and receiving data at a first data rate and a second data rate, said 
at least one data port interface including an ingress logic circuit in 
communication with said at least one data port interface for generating at 
least one of an ingress address resolution and a filtering search request; 

a CPU interface, said CPU interface configured to communicate with 
a CPU; 

a shared hierarchical memory structure, wherein said shared 
hierarchical memory structure includes an internal memory in communication 
with the at least one data port interface, and an external memory in 
communication with a memory management unit via an external memory 
interface; 

a communication channel, said communication channel for 
communicating data between said at least one data port interface, said 
internal memory, said CPU interface, and said memory management unit, and 

a unified table, said unified table being in connection with the 
communication channel, and the at least one data port interface, said unified 
table containing packet handling data for the network switch. 

2. A network switch as recited in claim 1 , wherein said unified table 
further comprises a single table having both address resolution information 
and filtering information stored therein. 

3. A network switch as recited in claim 1, wherein said unified table 
further comprises a single table of a predetermined size. 

4. A network switch as recited in claim 3, wherein said address 
resolution information further includes L2 information, L3 information, and L4 
information. 

5. A network switch as recited in claim 1, wherein said unified table 
further comprises: 
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a single table having both address resolution and filtering information 
therein; and 

a unified table logic circuit, said unified table logic circuit in connection 
with said single table, 

wherein said unified table logic circuit is configured to receive the 
search request from the at least one data port interface and convert the 
search request into unified table form. 

6. A network switch for network communications, said network switch 
comprising: 

at least one data port interface supporting a plurality of data ports, said 
at least one data port interface including an ingress logic circuit in 
communication with said at least one data port interface for generating an 
ingress address resolution and filtering search request; 

a unified table having a table logic circuit in communication therewith, 
said table logic circuit being in communication with the at least one data port 
interface, 

wherein the table logic circuit receives the search request from the 
ingress logic circuit and searches the unified table for an entry desired by the 
search request. 

7. A network switch for network communications as recited in claim 6, 
wherein said unified table further comprises a single table having both 
address resolution information and filtering information therein. 

8. A network switch for network communications as recited in claim 7, 
wherein said address resolution information includes L2, L3, and L4 address 
resolution information. 

9. A network switch for network communications as recited in claim 6, 
wherein said unified table is configured to receive L2 address resolution 
information, L3 address resolution information, L4 address resolution 
information, and filtering action information. 

10. A network switch for network communications as recited in claim 
9, wherein said unified table is further configured to vary the predetermined 
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quantities of L2 address information, L3 address information, L4 address 
resolution information, and filtering action information. 

1 1 . A network switch for network communications as recited in claim 
10, wherein the unified table is configured to vary the predetermined 
quantities during switch operation in accordance with spatial demands. 

12. A method for conducting address resolution and filtering in a 
network switch, said method comprising the steps of: 

receiving a packet on a port of a network switch; 

generating a search request for address resolution of the packet; 

searching a unified table having both address resolution information 
and filtering information therein with the search request to determine if a 
match to the search request is in the unified table; 

determining if the unified table contains the match to the search 
request; and 

generating a search response in accordance with an outcome of the 
determination. 

13. A method for conducting address resolution and filtering in a 
network switch as recited in claim 12, wherein generating the search request 
further comprises: 

generating an address resolution search request in a port address 
resolution logic circuit; 

receiving the address resolution search request in a unified table logic 
circuit; and 

converting the search request into a unified table formatted search 
request. 

14. A method for conducting address resolution and filtering in a 
network switch as recited in claim 13, wherein said converting step further 
comprises the steps of: 

determining a request opcode for the search request, said request 
opcode representing a type of address resolution request; and 
constructing a key for searching in the unified table, 
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wherein said key is constructed from the request opcode and a search 
key received from the port address resolution logic circuit. 

15. A method for conducting address resolution and filtering in a 
network switch as recited in claim 13, wherein said step of searching the 
unified table further comprises searching the unified table with the unified 

table formatted search request. 

16. A method for conducting address resolution and filtering in a 

network switch as recited in claim 13, wherein said step of generating a 
search response further comprises generating the search response with the 
unified table logic circuit and forwarding the search response to the port 

address resolution circuit. 

1*7. A method for conducting address resolution and filtering in a 
network switch as recited in claim 12, wherein said method further comprises 
the step of generating a search request for filtering of the packet. 

18. A method for conducting address resolution and filtering in a 
network switch as recited in claim 17, wherein said search request for filtering 
and said search request for address resolution are forwarded to a un«fied 
table logic circuit for processing. 

19. A method for switching and filtering in a network switch, said 

method comprising the steps of. 

receiving a packet at a port of a network switch; 
generating an address resolution search request and a filtering search 

request in a port switch circuit; 

receiving the address resolution search request and the filtering 

request in a unified table logic circuit; 

converting the address resolution search request and the filtering 
search request into unified table formatted requests; 

searching a unified table with the unified table formatted requests; and 
generating a response to the address resolution search request and 

the filtering search request, 

wherein the unified table contains both address resolution information 

and filtering information. 
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20. A method for switching and filtering in a network switch as recited 
in claim 19, wherein said converting step further comprises the steps of: 

determining a request opcode; and 
generating a table key, 

wherein the table key is defined by the request opcode and a search 
key obtained from the port switch circuit 

21 . A method for switching and filtering in a network switch as recited 
in claim 19, wherein said step of generating a response further comprises the 
steps of: 

determining if a desired entry is within the unified table; 
setting an F bit to 0 if the desired entry is determined to be within the 
unified table; 

setting the F bit to 1 is the desired entry is determined not to be within 
the unified table; 

constructing a search response in accordance with the determining 
step; and 

transmitting the search response to the port switch circuit. 
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Fig.3 
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